Security Ops Engineer
We are looking for an enthusiastic and knowledgeable Security Operations Engineer.
In this role, you will be expected to contribute to operating, developing, and improving of GoodData Security Operations practices, processes, and tools. You will be working closely with the Security & Compliance department and across the Engineering and Internal IT on individual security events, issues and tasks. The goal is to create an environment where proactive and systematic monitoring of the information security of customer data in the GoodData Platform takes place, as well as monitoring of GoodData's own sensitive data. As part of this program, we also need to be following emerging threats and risks, and ensuring the readiness to timely and effectively respond to security events.
Security Operations Engineer should be heavily AppSec / Product security oriented person who wants to extend his knowledge to other areas.The Security Operations Engineer will report to the Security Operations Manager.
- Contribute to the security operations strategy across all GoodData operations - GoodData Platform, internal company systems in cloud and on-premise as well as on endpoints.
- Take part in comprehensive security monitoring and security response program in GoodData.
- Handle 1st and 2nd line response to security incidents.
- Work with technology owners and engineers on an investigation, remediation and follow-ups to security incidents.
- Operate and contribute to improvements of GoodData SIEM and security monitoring tools in general, work closely with engineering, operations and internal IT departments on the integration of the existing systems and improvements of the security monitoring and incident response capabilities.
- General knowledge of information security principles, threat and vulnerability landscape, risks and mitigation strategies.
- Strong focus on application/product security (OWASP, SSDLC, SAST) with the ability to communicate with our development teams to improve overall security by design.
- Ability to evaluate and prioritize application-related vulnerabilities and propose remediation process.
- Experience with OSSEC, SonarQube or similar tools is a plus.
- Experience with cloud-based systems and DevSecOps methodology.
- Great communication skills, the successful candidate must be good at communication with technical leaders and at reaching consensus/trade-offs with them.
- Great place to work at Danube House building, Prague – Karlín
- 25 days of vacation + 6 sick days
- Flexible working hours + home office
- Informal working environment, relax zones, gym
- Meal vouchers
- Cafeteria program
- Semiannual bonus program
- Stock options program
- Referral bonus program
- Free beverages and snacks in the office
- GoodLife program: sport and cultural events
- Company events: hackathons, pub times, events for families e.g. Halloween, St. Nicholas Day etc.
- Dogs friendly office
- Free tickets to ZOO
- Company laptop: MacBook or Lenovo
- Employee mobile tariff
- In Karta 25 CZ Railways