Zaelab

Compensation

Full Description

As a Security Engineer, you will own end-to-end security across multiple enterprise and mid-market cloud projects. Your initial mission is to embed automated controls and best practices into every AWS- and Azure-based delivery, shifting the organisation from reactive fixes to a proactive security posture. Reporting directly to the Director of Engineering, Cloud, you will partner daily with Technology, Cloud, Engineering and Account-Management teams and act as a client-facing security authority - able to brief both technical staff and C-level executives. Your Responsibilities Design, implement and enforce comprehensive Secure SDLC processes, integrating automated security controls, threat modeling, secure coding standards, and continuous security testing throughout the entire development lifecycle. Develop, document and enforce security policies in our Confluence-based knowledge base and project DMS. Harden multi-account AWS and Azure estates (EC2, S3, IAM, VPC, CloudTrail, CloudFront; Virtual Machines, Storage Accounts, Key Vault, NSG, Policy, Monitor). Deploy and tune SIEM/log-management platforms (Splunk, ELK, Microsoft Sentinel); craft queries and dashboards that surface actionable threats. Run scheduled and continuous vulnerability scans (Qualys, Rapid7, Defender), interpret results and drive remediation with Engineering. Configure and manage security edge controls—firewalls, WAFs (Akamai, AWS/Azure WAF) and IDS/IPS—tailored to each client’s risk profile. Integrate SCA (Trivy, Grype, Snyk) and DAST (OWASP ZAP) tooling into build pipelines; champion secure-by-design coding practices. Lead security architecture reviews and threat-model sessions with cross-functional, multi-country delivery teams. Present findings, roadmaps and risk mitigation strategies directly to enterprise clients, translating technical issues into clear business impact. Continuously evaluate emerging threats, Zero-Trust patterns and supply-chain risks; recommend tooling and process improvements that keep us ahead of third-party scans. 7 + years of hands-on security engineering in cloud-native, agile environments. Expert knowledge of core AWS and Azure services and how to secure them at scale. Proven SIEM experience—log ingestion, correlation rule creation and dashboarding. Deep understanding of vulnerability management tools and remediation cycles. Practical experience with WAF/IDS/IPS configuration, network protocols (TCP/IP, DNS, HTTP) and Zero-Trust/IAM best practices (AD, Azure AD, Okta). Comfort operating as a solo security function: you set the standards, choose the tools (budget approved) and drive adoption company-wide. Consultative mindset with excellent written and verbal English; able to brief board-level stakeholders and guide client teams through complex security topics. Will be a plus Container and Kubernetes hardening, DevSecOps pipeline design, CNAPP familiarity, compliance frameworks (SOC 2, ISO 27001, PCI DSS) and industry certifications (CISSP, AWS Security Specialty, Azure Security Engineer Associate, CKS). Experience working with US clients Competitive compensation depending on experience and skills Unlimited, paid time off and vacation Budget for certifications and IT conferences Friendly team to work with around the world Be a team player in an agile software development environment focused on collaboration and continuous integration Comprehensive health insurance and retirement benefits: United States: Health Insurance and 401(k) plan. Canada: Health Insurance and Employer-Sponsored Retirement Plan.