The Security Engineer at Catena Media is responsible for continuously raising the bar on security across our environments whilst working and collaborating with Catena Media’s cross-functional teams to provide guidance on security best practices and help in building Catena’s kick-ass products.
SCOPE OF THE JOB
As a member of the Cyber Security team at Catena Media, you will drive cloud security engineering for our enterprise IT and Business IT teams in both IaaS/ PaaS and SaaS implementations on the likes of AWS, Azure, Kubernetes etc.
Proactively identify and reduce security risks
Provide subject matter expertise within Catena’s systems (AWS environments, Kubernetes clusters and the systems running within them along with our Internal networks and Corporate systems)
Conduct and plan periodic offensive testing across Catena’s systems to ensure that Catena’s integrity, availability and security are maintained
Implement and operate technical measures & systems to ensure Catena Media’s environments are secure and security policies / standards are adhered to
Assist with the execution of processes defined to respond to and recover from a security breach
Identify & Implement tooling required to sustain and support Catena’s security strategy (such as Rapid7, Detectify, Azure)
Monitor systems using tooling such as Rapid7 and Detectify for unexpected activity to ensure Catena Media’s security stance remains secure
Be responsible for the identification of vulnerabilities in Catena Media’s Internal & External environments and seek their remediation within established timeframes by communicating with the relevant stakeholders
Be part of the response and lead the technical investigation following the detection of security incidents
Develop security training and guidance to internal teams & other stakeholders
Out of work hours could be required during an incident.
TO DO IT, YOU WILL NEED
You are fluent in written and Spoken English
You employ a flexible and constructive approach when solving problems
You have at least 3 years experience within the IT Security field
Experience in providing security services for Cloud environments (including Microsoft Azure and Amazon Web Services (AWS)).
Experience with Security technologies (Fortinet, Azure, Office 365, G-Suite and AWS)
Experience with Security tools such as Rapid7, Detectify, Elastic etc.
Hands-on Experience with Networking, TCP/IP
Confident in System & Network administration
You are confident on common authentication technologies including OAuth, SAML, CAs, OTP/TOTP
Knowledge of logging tools such as Kibana, Elastic and Logstash
You are confident with browser-based security controls such as CSP, HSTS, XFO
Proven experience with database solutions such as, MSSQL, MySQL, mongoDB
If you have experience with SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond) will be considered an asset
Security related certifications such as OSCP, OWSP, CCNA Security ,CISSP and CEH will also be considered an asset