Senior Platform Security Engineer

A multi-national Global leading company we are partenred with are looking for a Security engineer to join their and enhance the security posture of their platforms.

Responsibilities:

• Lead the adoption and integration of DevSecOps practices within DevOps environments.
• Act as the main point of contact for security matters, facilitating access to subject matter expertise within the cybersecurity organization.
• Evaluate information security risks associated with business initiatives, assess potential impacts, and monitor remediation activities throughout project lifecycles.
• Collaborate closely with IT professionals, including developers, architects, product owners, and business stakeholders, to align platform security with organizational risk tolerance and evolving threat landscapes.
• Develop deep expertise in platform-specific security requirements, ensuring embedded security measures are appropriate and effective.
• Partner with colleagues to identify and implement shared security solutions and best practices.
• Support risk and compliance functions by contributing to the development, review, and updating of information security policies and standards.
• Maintain up-to-date knowledge of emerging security technologies, systems, trends, and industry best practices.

Qualifications

• Master’s or Bachelor’s degree in Information Technology, Cybersecurity, Information Systems Security, or a related discipline, or equivalent technical training and experience.
• At least 4 years of hands-on experience in IT and Information Security, with a demonstrated ability to work independently.
• Strong understanding of security architectures across cloud, mobile, enterprise, web, and application environments.
• Proficient in using threat modeling frameworks such as MITRE ATT&CK, STRIDE, and PASTA.
• Solid knowledge of key security standards and frameworks, including ISO 27001, ISO 27017, NIST, NTSC, OWASP, CIS Benchmarks, and CVSS.
• Skilled in security testing methodologies to prevent vulnerabilities such as remote code execution, SQL injection, and cross-site scripting (XSS).
• Experience with securing cloud environments and microservices-based architectures.
• Familiarity with legal and regulatory requirements related to information security and data protection.
• Specialized expertise in areas such as web and mobile application security and data protection strategies, with the ability to mentor and share knowledge with peers.
• Broad knowledge of security principles, with deep technical expertise in two or three specific domains.
• Excellent communication skills, with the ability to clearly convey technical concepts to both technical and non-technical audiences.
• Openness to working in a hybrid model, with availability to work onsite up to three days per week (e.g., at a designated office location).

I look forward to your applications and speaking furtehr about this!