Senior Security Engineer, Detection and Response

Cape is a company founded by experts in privacy and national security, aiming to create a privacy-centric cellular network. They are seeking a seasoned Security Engineer to design, implement, and maintain security measures that comply with regulatory standards and enhance internal processes.

Responsibilities:

• Design, implement, and manage robust security controls and policies across the business, enhancing our detection and response capabilities
• Assist in addressing findings from automation and tooling, ensuring prompt and effective response and remediation
• Run and manage detection tooling and automation across the organization
• Stay informed about the latest security threats, vulnerabilities, and compliance mandates affecting cloud environments, providing guidance on emerging technologies and security best practices
• Offer expert guidance and mentorship to junior security team members and employees across the company, fostering an organizational culture of security awareness and continuous improvement
• Collaborate with stakeholders to integrate security requirements effectively into IT projects and business initiatives

Requirements:

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience)
• A minimum of 7 years of experience in information security, with at least 3 years concentrated on detection and response
• Deep understanding of AWS architecture, security services, and best practices for securing cloud applications and data
• Proficiency in using infrastructure as code (IaC) tools (like Terraform or AWS CloudFormation) and in automating security tasks within AWS
• Skilled in scripting languages (Python, TypeScript, Go) for the automation of security tasks and the integration of security tools
• Solid knowledge of network security, encryption technologies, and secure coding practices
• Excellent analytical skills for identifying and mitigating complex security vulnerabilities and risks
• Strong communication and leadership abilities, capable of working collaboratively across teams and effectively conveying technical information to non-technical stakeholders
• Organized and able to manage multiple priorities in a dynamic, fast-paced environment
• Experience running incidents
• Knows how to run and optimize SIEMs for optimal detection and response capabilities
• Understands the need for tooling and when it's beneficial vs nice to have
• Collects data and information; uses critical thinking to solve problems and make sound decisions
• Builds partnerships with others to reach common goals
• Presents information through verbal and written communication; reads and interprets complex information; listens well
• Acts quickly to solve problems and exercises good judgment by making sound and well-informed decisions
• Possesses the personal discipline and diligence necessary to keep commitments and to complete tasks
• Values the importance of delivering high quality, innovative service to employees; understands the needs of the client; responds promptly and is accessible to them; follows through on commitments in a timely manner; maintains positive, long-term working relationships; assumes ownership of process issues and takes appropriate steps to mitigate problems; gets consistently high feedback from stakeholders; raises hand to help
• Adjusts quickly to changing priorities, conditions, and challenges; copes effectively with complexity and change; is comfortable navigating ambiguity; can handle business changes with ease and with a lack of frustration or feeling of defeat; feels comfortable dealing with limited unknowns in an area they are well versed in
• Manages multiple projects, determines project urgency in a meaningful and practical way, uses goals to guide actions, creates detailed action plans, and organizes tasks
• Advanced degrees or certifications (e.g., CISSP, AWS Certified Security Specialty) being advantageous