Security Engineer at Prodigy Finance

What you will do in the role

• As a growth company in the fintech space we’re often working with cutting edge, cloud-based technologies, where traditional security models don’t always work. You’ll assist in coming up with novel and practical ways to secure our services, as well as potentially improving what we already do. This is a great position if you’d like to get involved with innovative tech, have an exploratory mind, and want to work with many other teams and levels of seniority!

This role is beyond just infrastructure security, the ideal candidate will help lead the business in the right direction for all Information Security areas.

What would the ideal candidate be great at?

• Endpoint Security and Hardening
• Policy Work and Development
• Good understanding of modern IT Governance
• Information Systems Risk Management
• Is constantly up to date with the latest security threats in the industry & mitigations
• Experience configuring & integrating many different technologies - Firewalls, SIEM, IDS, PAM, MDM, QOS, etc
• The ability to lead conversations in the business regarding information security

Qualifications and experience:

• Preferably a tertiary degree in a computer science/information systems or related field
• Relevant security-related certifications (e.g. Security+, CySA+, AWS CSS, GSEC, OCSP, CISM/CISSP)
• 5+ Years of professional experience working in an IT Security Related role
• 3+ years of professional experience working in a technical security-related position
• Linux/Unix/Mac Administration
• Active Directory policy development and Windows Server Operations
• Identity and Access Management platform configuration/management
• E-Mail Platform configuration and maintenance
• Thorough understanding of networking, firewalls and system security
• Experience securing cloud technologies
• Competency with configuring rule sets and system policies
• Understanding of application security concepts
• Experience with penetration testing or ethical hacker-based activity
• Experience with internal/external IT audits
• Experience with incident response and management
• Bash / Powershell Scripting 
• Knowledge of the SDLC
• Knowledge of secure coding practices (eg. OWASP Top 10)
• Cloud/system administrator experience

Nice to haves 

• Solid exposure/experience with security frameworks including, but not limited to: ISO27001, PCI/DSS, etc
• Experience with hardware security solutions (Meraki, Fortinet, Cisco).

What are some of the roles and responsibilities of this role?

• Manage Endpoint Detection and Response solution
• Management and Tuning of Email security systems (Rules, Policies, Records Management, Spam, Viruses and Malware)
• Management of relationships of internal business units to support and continuously improve security-related infrastructure/solutions
• Perform Risk assessments of third-party cloud platforms and softwares
• Manage and develop company wide security awareness training
• Work with metrics and data to filter out suspicious activity, finding and mitigating risks before breaches occur
• Configuring various platforms (e.g. Firewalls, Mail servers, SIEM, etc) to detect/filter/flag suspicious activity - finding and mitigating risks before breaches occur.
• Perform internal security audits & assist with ad-hoc audits
• Implement security best practices and governance according to various industry standards and as required by regulators
• Continuously updating and development of relevant company policies (e.g. Security Policy)