Security Policy Engineer (M/W/D)
Mondoo is creating a new way that helps companies keep their users and data safe from hackers around the world.
We believe that a great user experience and visual design will help our users to love and enjoy our product and make it easier to take action against attackers.
Your impact You will have a direct impact on the Mondoo Platform including our policy engine, resources, scale, and multi-region functionality.
You will be helping teams to assess, scope, prioritize, triage and remediate security findings.
Key responsibilities We're seeking a skilled Security Policy Engineer to join our dynamic team.
In this role, you'll be responsible for translating complex security requirements into code, implementing and maintaining security policies across our infrastructure, and collaborating with various teams to ensure our systems meet the highest security standards.
You'll play a crucial role in our "policy as code" approach, helping to automate and scale our security practices.
Translate security requirements and compliance standards into executable code and policies Develop, implement, and maintain security policies using policy as code frameworks (MQL) Collaborate with security, development, and operations teams to integrate security policies into CI/CD pipelines Design and implement automated security checks and controls across cloud environments (AWS, Azure, GCP), Kubernetes and operating systems Contribute to the development of internal security tools and libraries Participate actively in our RFC (Request for Comments) process for security architecture and policy decisions Conduct security assessments and audits to ensure compliance with internal policies and external regulations Optimize existing security policies for performance and scalability Stay up-to-date with emerging security threats, compliance requirements, and best practices in policy as code Troubleshoot and resolve security policy implementation issues Provide guidance and training to other teams on security policy implementation and best practices Contribute to the continuous improvement of our security posture and processes Required qualifications Bachelor's degree in Computer Science, Cybersecurity, or related field 3+ years of experience in security engineering or policy implementation Strong programming skills in at least one language (e. g. , Go, Python, Java) Experience with policy as code frameworks (e. g.
Open Policy Agent, HashiCorp Sentinel) Proficiency in writing and maintaining infrastructure as code (e. g. , Terraform, CloudFormation) Solid understanding of cloud security principles and best practices Strong knowledge of at least one major cloud platform (AWS, Azure, or GCP) and its security features Extensive experience with Linux and Windows operating systems In-depth understanding of TCP/IP networking protocols and concepts Experience with container technologies and orchestration (e. g. , Docker, Kubernetes) Familiarity with common compliance standards (e. g. , CIS, SOC 2, ISO 27001, HIPAA) Experience with version control systems (preferably Git) Excellent problem-solving and analytical skills Strong written and communication skills with proven fluency in English Ability to articulate complex security and IT concepts to both technical and non-technical audiences Preferred qualifications Master's degree in Cybersecurity or related field Relevant security certifications (e. g. , OSCP, CISSP, CCSP, CSPM) Cloud-specific certifications (e. g. , AWS Certified Security - Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer) Experience with multiple cloud platforms (AWS, Azure, GCP) Familiarity with cloud-native security tools and services Experience with SIEM tools and log analysis in diverse IT environments Knowledge of compliance frameworks for both cloud and on-premises infrastructures Familiarity with threat modeling and risk assessment methodologies for various IT architectures Knowledge of cryptography principles and implementations across different platforms Experience with security automation and orchestration tools in heterogeneous environments Contributions to open-source security projects or tools Previous experience participating in or leading RFC processes for complex security architectures Application Process As part of your application, please share links to your GitHub/GitLab repositories or a portfolio of projects that demonstrate your experience with security policy implementation, policy as code, and relevant cloud security tools.
We're particularly interested in seeing examples that showcase your ability to translate complex security requirements into executable code for cloud environments.
If you're passionate about enhancing cloud security through code, implementing scalable and automated security policies across cloud platforms, participating in collaborative security design processes, and staying at the forefront of cloud security best practices, we'd love to hear from you!
#J-18808-Ljbffr
Diventa il primo a rispondere a un'offerta di lavoro!
-
Perché cercare un lavoro con PostiVacanti.it?
Ogni giorno nuove offerte di lavoro È possibile scegliere tra un'ampia gamma di lavori: il nostro obiettivo è quello di offrire la più ampia selezione possibile Ricevi nuove offerte via e-mail Essere i primi a rispondere alle nuove offerte di lavoro Tutte le offerte di lavoro in un unico posto (da datori di lavoro, agenzie e altri portali) Tutti i servizi per le persone in cerca di lavoro sono gratuiti Vi aiuteremo a trovare un nuovo lavoro