Security Engineer

Job Description

Cleafy is a SaaS company, a team of fraud hunters, cybersecurity experts, data scientists, and software engineers that since 2014 share the same dream: make technology a safer place.

Every day, we work side by side with our customers to help them safely navigate digital opportunities, while growing their business.

Cleafy has recently secured a €10 million Series A capital raise from United Ventures to fund its international expansion.

Job Description:

We are looking for a highly skilled Security Engineer to join our Security & Compliance team. The ideal candidate will possess a strong technical background, particularly in cloud security technology. 

You will be responsible for implementing, managing, and monitoring security measures to protect our cloud infrastructure, network, systems, and data.

Responsibilities:

• Implement, maintain and monitor robust security measures within the cloud, particularly on Google Cloud Platform (GCP).
• Implement, maintain and monitor security controls within CI/CD pipelines (Bitbucket, Terraform, Jenkins), and assist in the SSDLC process (Threat Modelling, SAST, DAST, SCA).
• Conduct regular security assessments. Implement strategies to mitigate identified threats and vulnerabilities.
• Harden endpoint devices, particularly Macs, by implementing appropriate security configurations and controls (CIS).
• Monitor and respond to security incidents and alerts as L2, ensuring timely resolution and minimal impact.
• Work closely with IT and Engineering teams to ensure applications and systems are securely designed and implemented.
• Assist in the creation and maintenance of security documentation and reports.
• Effectively communicate security concepts and solutions to both technical and non-technical stakeholders.

Requirements

• BS/MS in Computer Science, Information Security, or a related field.
• 3 to 5 years of experience as a Security Engineer or in a similar role.
• Strong knowledge of cloud providers, specifically Google Cloud Platform (GCP).
• Hands-on experience with firewalls, IDS/IPS, SIEM, XDR and other cloud security tools.
• Experience in endpoint device hardening, particularly for Mac environments.
• Proficiency in scripting languages (e.g., Python, Bash) for automation.
• Experience with securing CI/CD pipelines and implementing security within the SSDLC process.
• Knowledge of threat and vulnerability management practices, including conducting assessments and implementing mitigation strategies.
• Familiarity with regulatory requirements and industry standards (e.g., ISO27001, SOC2).
• Excellent problem-solving skills and attention to detail.
• Strong communication and teamwork abilities, with the capacity to explain security concepts to both technical and non-technical stakeholders.

Plus:

• Relevant certifications such as Security+, Google Professional Cloud Security Engineer, Certified DevSecOps Professional, etc.
• Background as Penetration Tester/Red Team.

Benefits

• Hybrid or remote job. You choose!
• Attractive packages based on skills and experience
• International environment with significant challenges to be met every day
• Personalized support to accelerate your professional growth
• Latest technologies and being encouraged to bring your flair to the role

Working at Cleafy means being part of a group of people that support, respect, and inspire one another, no matter what.

That's why we have been certified by Great Place to Work® (find our page on bit.ly/BestWorkplace-Cleafy).

We are literally changing the status quo in fighting online fraud, and we need great people for that.

Do you have what it takes to be part of the Cleafy family?