Security Engineer

📋 Description

• • As a Security Engineer at Ben Technologies Inc., you will play a pivotal role in shaping and fortifying the company's information security posture across critical domains including infrastructure, product development, and regulatory compliance.
• • This is a high-impact position within a lean, agile team, offering direct mentorship from the Head of Infosec and the autonomy to lead and own significant security projects from inception to completion.
• • You will be instrumental in embedding secure-by-design principles throughout the entire software development lifecycle (SDLC), ensuring that security is a foundational element rather than an afterthought.
• • This includes actively participating in secure coding practices, conducting thorough threat modeling exercises, and performing rigorous design reviews for both new features and existing systems.
• • A key responsibility will be the proactive monitoring of all systems for anomalous behavior, coupled with the design and implementation of sophisticated detection and prevention mechanisms to safeguard against emerging threats.
• • You will ensure that the company's infrastructure and applications consistently adhere to widely recognized industry best practices and standards, such as the OWASP Top 10 and the AWS Well-Architected Framework.
• • The role involves conducting comprehensive risk assessments, which will encompass evaluating the security of third-party vendors and conducting internal security evaluations to identify and mitigate potential vulnerabilities.
• • You will be responsible for meticulously documenting and maintaining security policies, procedures, and controls, ensuring alignment with the company's ISO 27001-certified Information Security Management System (ISMS).
• • Take direct ownership of existing security tooling, including endpoint protection (EDR), Mobile Device Management (MDM), and access control systems, ensuring they are optimally configured, actively maintained, and scaled to meet the evolving needs of the business.
• • Implement and manage new security tools and technologies to enhance the overall security architecture and defense-in-depth strategy.
• • Collaborate closely with engineering teams to foster a security-first culture, providing guidance and support on secure development practices and tooling.
• • Proactively identify and address security vulnerabilities in both infrastructure and product code, working with development teams to implement timely and effective remediation strategies.
• • Develop and maintain robust security monitoring and alerting systems, enabling rapid detection of and response to security incidents.
• • Contribute to the continuous improvement of the company's security posture by researching and recommending new security technologies, methodologies, and best practices.
• • Participate in incident response activities, including investigation, containment, eradication, and post-incident analysis, to prevent recurrence.
• • Translate complex technical security requirements into clear, actionable policies and procedures that are easily understood by all stakeholders.
• • Drive the adoption of security best practices across the organization through training, awareness programs, and direct engagement with teams.
• • You will be a key player in ensuring the company meets its compliance obligations, particularly concerning ISO 27001 and potentially other relevant frameworks.
• • The role demands a proactive approach to risk reduction, focusing on holistic security controls that encompass technology, people, and processes.
• • Embrace a generalist mindset, comfortable operating across infrastructure, product security, and compliance domains, while leveraging deep expertise where applicable.
• • This is a hands-on role that requires a blend of strategic thinking and practical implementation, offering the opportunity to make a tangible impact on the security and success of a rapidly growing company.