Security Control Engineer

Requirements

• Technical experience with designing and applying security controls and capabilities to cloud-based infrastructure (e.g. AWS, GCP) and applications in creative ways that bring efficiency to operations.
• Experience in working directly with software engineering teams in designing new capabilities, controls, and procedures that result in collaborative designs that are effective and highly efficient.
• Strong technical background, with experience in distributed systems, cloud security, and related technologies, and a passion for finding creative solutions to difficult problems.
• Knowledge of threat modeling for the purposes of understanding threat probabilities and frequency.
• Excellent communication skills with an ability to translate technical and security jargon into business-relevant insights.
• Ability to liaise effectively with other departments and external stakeholders.

Nice to Haves

• Experience in a fast-paced tech environment or fintech sector.
• Knowledge of container security, Kubernetes, Kafka, and other emergent technologies.
• Experience with control automation via code (e.g. Python, Go).
• Hands-on experience with obtaining and maintaining a security certification such as SOC 2, ISO 27001, PCI-DSS.
• Proficiency in leading security risk assessments, preferably with knowledge of the FAIR framework.

What You'll Be Doing

• Control Architecture & Design: Actively participate in the technical and operational design of capabilities, tools, and procedures to mitigate security and business continuity risks to acceptable levels. Provide domain expertise in Thought Machine’s approach to its product and cloud security.
• Certifications Management: Assist the process of obtaining, renewing, and maintaining Thought Machine's certifications, including ISO27001, ISO22301, PCI-DSS, and SOC 2 Type 2. This also includes the design of capabilities, tools, and procedures that satisfy the requirements of these regimens.
• Security Risk Assessments: Spearhead security risk assessments with a focus on risk quantification and FAIR, ensuring that potential threats are identified, quantified, and addressed promptly.
• Policy, Standards, and Procedures: Oversee the creation, maintenance, and updating of all security-related policies and documentation, ensuring that they are current and reflect industry best practices.
• Client Relations Support: Assist the Commercial team by providing expert insights and answers to security-related queries from clients and prospects, instilling confidence in our security posture.

Perks and Benefits

• Highly competitive salary
• Voluntary Pension Plan (match up to 5%)
• Private Healthcare Insurance
• Comprehensive Life Insurance
• 25 days holiday plus public holidays
• Two charity days a year
• Daily Meal Allowance
• Access to outstanding learning materials and courses
• Sports and hobby clubs, subsidized by Thought Machine
• All the latest tech you need
• Huge range of healthy (and not-so-healthy) snacks, smoothies and drinks
• A talented and experienced team as your colleagues
• An environment where we encourage learning and progress