Senior Cyber Controls Engineer – Flutter
Cluj-Napoca, Cluj County, Romania
Full Time
1 hour ago
No Sponsorship
Key skills
AWSCyber SecurityFlutterJenkinsPythonPowerShellGitHub ActionsCloudFormationLambdaOktaActive DirectoryGitHubJiraCI/CDCollaboration
About this role
Role Overview
- The Senior Cyber Controls Engineer will design, build, and manage the integrations that power Flutter UK&I's Cyber Controls Monitoring platform (Anecdotes), owning the full integration lifecycle from architecture through delivery.
- Working closely in the CCM team, the role sits at the intersection of technical engineering and control testing & monitoring, ensuring cybersecurity controls are continuously tested, evidenced, and aligned to regulatory frameworks.
- The engineer will be a founding technical contributor to a programme central to Flutter UK&I's cybersecurity strategy, directly shaping the region’s ability to detect control failures, support remediation, and demonstrate control health to key stakeholders.
- Design, build, and maintain all integrations between the Anecdotes platform and key systems, selecting the appropriate method — out-of-box, or custom — based on data requirements and system complexity.
- Ensure seamless connectivity between Anecdotes and critical data sources, always maintaining reliable and secure data flows.
- Manage platform updates and new feature releases, assessing impact on existing integrations and incorporating changes in a controlled and documented manner.
- Develop and implement automated data extraction and testing logic that enables continuous monitoring of cybersecurity controls across Flutter UK&I’s technology estate.
- Build automated detection of downward trends that indicate core control failures, reducing reliance on manual and point-in-time testing.
- Continuously identify opportunities to expand automation coverage across cybersecurity and the wider technology infrastructure.
- Build and maintain scalable data pipelines that extract, normalize, and deliver high-quality control evidence from multiple source systems into Anecdotes.
- Define data extraction logic per control test in collaboration with the CCM team, ensuring outputs meet the desired quality.
- Proactively monitor pipeline health, resolving integrity issues or connectivity failures before they impact monitoring outputs or reporting.
- Ensure all integrations are built in accordance with security best practices including least privilege, secure authentication, and encrypted data transmission.
- Conduct regular technical reviews of the integration architecture, identifying risks and scalability constraints and proposing solutions proactively.
- Support during intake triage by providing technical feasibility assessments and effort estimates for incoming requests.
- Work with second-line assurance, risk, and GRC teams to understand their data requirements, ensuring integrations are configured to meet their evidence and reporting needs.
- Provide input to the Head of Controls Performance & Governance on platform evolution, scaling decisions, and emerging tooling capabilities.
- Maintain comprehensive technical documentation for all integration architectures, connector configurations, data schemas, and platform settings.
- Ensure the platform produces accurate, timely control evidence aligned to relevant frameworks and regulations to support compliance reporting.
- Maintain a technical risk register for the CCM platform, documenting integration risks and data quality issues with proposed mitigations.
Requirements
- Proven experience integrating tooling via APIs, out-of-box connectors, and custom-built integrations.
- Experience with CI/CD tooling such as Jenkins, GitHub Actions, or equivalent, with the ability to build and maintain automated pipelines for deploying and managing integration configurations and platform updates.
- Proficiency in scripting languages (e.g., Python, PowerShell) for building and maintaining automated processes and tasks.
- Solid understanding of NIST CSF, with working knowledge of SOX, ISO 27001 and PCI-DSS.
- Self-motivated, delivery-focused, and comfortable working both independently and collaboratively in fast-moving environments.
- Familiarity with GRC or CCM platforms.
- Hands-on experience with enterprise technologies such as Okta, CrowdStrike, Active Directory, or Jira.
- Experience with AWS security services including Lambda, Security Hub, Config, and CloudFormation.
- Exposure to cyber controls assurance through advisory, internal, or external audit functions.
Tech Stack
- AWS
- Cyber Security
- Flutter
- Jenkins
- Python
Benefits
- Hybrid & remote working options
- €1,000 per year for self-development
- Company share scheme
- 25 days of annual leave per year
- 20 days per year to work abroad
- 5 personal days/year
- Flexible benefits: travel, sports, hobbies
- Extended health, dental and travel insurances
- Customized well-being programmes
- Career growth sessions
- Thousands of online courses through Udemy
- A variety of engaging office events