Security Engineer

We are looking for a passionate and experienced Senior Information Security Engineer to join our top-tier tech team. You will be a key member of our security function, responsible for designing, implementing, and continuously improving security across our global multi-cloud environment. You will not only respond to security incidents but also drive forward-looking security strategies and technical innovation. Key Responsibilities - Threat Modeling & Incident Response: Build and maintain global cloud security incident response mechanisms, develop clear playbooks, and lead regular drills. Quickly handle complex security incidents, perform root cause analysis (RCA), and implement preventive measures. - Security Architecture & Operations: Design, deploy, and maintain security solutions across multi-cloud platforms (AWS, GCP, Azure), ensuring architecture is scalable, resilient, and future-proof. - Enterprise Security Leadership: Drive security strategy alignment with business processes, continuously raising organizational security maturity. - Compliance & Automation: Ensure security practices meet international standards such as ISO 27001, ISO 27701, SOC 2. Promote security automation and “Security as Code” initiatives to improve operational efficiency. - Vulnerability Management & Penetration Testing: Conduct regular vulnerability scans, risk assessments, and penetration tests. Track emerging threats and coordinate remediation efforts. Qualifications Required: - Bachelor’s degree in Computer Science, Cybersecurity, or related field, with 3+ years of experience in information security. - Strong expertise in cloud security, with hands-on experience in at least two major cloud platforms (AWS, GCP, Azure) and native security tools (e.g., AWS Security Hub, GCP Security Command Center). - Solid Linux system security skills, including hardening, log analysis, intrusion detection, and incident response. - Proven ability to handle high-pressure security incidents and perform clear post-incident reviews. - Strong knowledge of web and application security, with experience in penetration testing and code audits. Preferred: - Recognized contributions to bug bounty programs or high-quality vulnerability reports. - Strong performance in CTF competitions or deep interest in offensive/defensive security research. - Professional certifications such as CISSP, CISA, OSCP, AWS/GCP/Azure security certifications. - Experience developing security tools or automation scripts using Python, Go, or similar languages.