ABOUT YOU:
The security team is vital in protecting the organization’s information assets and ensuring product safety, trust, compliance, and privacy.
As a Security Technical Team Lead, you’ll shape the team’s security vision, drive innovation, and work on complex technologies to design safeguards, develop secure practices, and mentor the team. This role blends technical expertise, leadership, and innovation to strengthen the organization’s security initiatives.
IN THIS ROLE YOU WILL
- Lead, participate in, and contribute to partnerships between security, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in SaaS solutions, with an emphasis on building rather than advising.
- Support the product and application security team by defining and refining processes such as threat modeling, embedment models, and prioritization of features, defects, and vulnerabilities.
- Assist the red team with ongoing activities, including managing bug bounty programs and continuous penetration testing platforms.
- Lead the design and development of key security features for the GoodLeap platform, such as authentication (authn), authorization (authz), device profiling, and data safeguards.
- Mentor and provide technical guidance to other members of the security team.
- Support or build components of the security analytics platform.
- Contribute to investigations, threat hunting, and incident response activities in a supporting role; assist the monitoring and response team with creating playbooks for specific incident response scenarios.
- Collaborate with the security operations team to select, implement, and operate security solutions.
- Support the security operations team with the vulnerability management lifecycle.
- Ensure technical alignment across security solutions and initiatives within the team, from governance, risk, and compliance (GRC) to product security.
- Represent the security team in enterprise architecture forums as needed.
YOU ARE A GREAT FIT IF YOU BRING THE FOLLOWING:
- Strong communicator with the ability to lead technical architecture discussions and drive technical decisions, while effectively communicating with non-technical audiences.
- Deep familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, IAM, and others (knowledge of GCP and/or Azure is a plus).
- Proven ability to establish credibility and build trust with engineers and operational staff; confident yet humble.
- Hands-on experience with microservices and associated orchestration tools, such as ECS, EKS, Nomad, and Istio, with an understanding of the operational and security implications of these technologies.
- Excellent understanding of both human and non-human identity management, as well as common enterprise and consumer authentication standards and use cases.
- Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools such as Doppler and HashiCorp Vault.
- Passionate about learning new technologies; while you're not expected to know everything, you should demonstrate the ability and willingness to learn when necessary.
- Prior experience developing security services for products or enterprise platforms, ideally using Python, Node.js, TypeScript, or .NET.
- Proficiency in writing automation scripts in more than one language, with prior experience automating security processes in cloud or SaaS environments.
- Strong understanding of cryptography and key management use cases.
- Experience overseeing vulnerability and threat management at the infrastructure, platform, and application levels.
- Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement; prior oversight of bug bounty platforms or managed penetration testing services is a plus.
- Ability to balance a high-level view of security strategy with attention to detail, ensuring thoroughness in execution.
- Expertise with event management and Security Event Management (SEM) solutions, including data modeling for building event detection and alerting capabilities.
- Practical experience investigating incidents and performing threat hunting, with familiarity using common incident response tools and processes.
- Prior expertise with workforce security solutions, including zero-trust models and enterprise browsers.
WHAT ABOUT US
We’re a results-driven team of IT professionals with a knack for innovation and using the latest technologies to help enterprises achieve digital transformation. Our winning formula encompasses a holistic approach to software development, expert guidance, and a trusted partnership.
Our mission is to help build cutting-edge software solutions specifically designed to improve operational efficiency, increase productivity, help alleviate costs, and enhance customer experience.
WHAT WE OFFER
🏥 Comprehensive Medical Insurance to ensure you're covered.
🏋️ Monthly Gym allowance up to 150 RON to keep you active and fit.
🌴 24 holiday days plus 3 bonus days off for rest and relaxation.
🎂 A day off on your Birthday because it's your special day!
🏡 2/3 days of remote work per week for work-life flexibility.
🛠️ Technical Trainings & Certificates to keep your skills sharp.
🎓 Learning & Development sessions to fuel your growth.
🍽️ Weekly breakfast/lunch at the office to fuel your productivity.
🏞️ Yearly team building and other exciting company gatherings!