Security Engineer

Job description

Here at ZIVVER we help businesses secure their communications such as email and file transfer. As an ambitious self-starter you are eager to jump in and build this fast growing scale-up together with us. How?  You will be part of the small Security team that is responsible for guarding ZIVVER from various threats. It is our core job to protect the confidentiality, integrity and availability of data. It is your job to prepare ZIVVER for cyber attacks, inside threats and bad luck. Since ZIVVER is a scale up, this means building the foundations of a security operation center. You will closely collaborate with the Engineering team and integrate security in the way we work as much as possible.

 

Hot takes

  • There is only security when it is embedded security
  • Not knowing what is going on is to say at least uncomfortable

 

A Day at HQ

You just started your workday when a colleague of the engineering team asks if you could brainstorm with him on how to embed security in the development pipeline. That is interesting so you quickly plan a meeting for later that morning because you first have to look at some alerts that need to be investigated. There seems to be some suspicious behavior going on on the platform. You spend a couple hours on this and you are relieved: it was a false alarm. Nevertheless you found a few easy ways to improve the alerting and made sure to make a note of that. Hopefully you have some time later this week to pick this up.

 

After lunch you have a look at the incoming vulnerability reports in HackerOne. There is one interesting report on a possible bypass of a rate limiter. The report turns out to be valid. You respond to the security researcher and create a follow up ticket for the engineering team.

 

In the afternoon you attend the Security Core in which the security team comes together to discuss ongoing security concerns. You present the insight you gained by improving the intrusion detection tooling. The team is happy with the progress and asks some good and critical questions. You feel motivated and can’t wait to continue working on this. But the last hour of the day you start investigating the best ways to do load testing. Sales just landed a great new deal and this means: many more users on the platform. So there is a brainstorm session planned tomorrow with the Information Security Officer and the DevOps team to figure out how to incorporate load testing the pipeline. After work you head to the Hummingbar to get a beer and get ready for the Hackathon that has been planned that evening.


Responsibilities 

  • Together with the ISO you will be responsible for setting up a Security Operations Center
  • Implement ways to prevent, detect and respond to threats
  • Keep full control over technical vulnerabilities in our entire suite of products
  • Assist the Engineering team with improving the availability and performance management
  • Administrate and operate monitoring and detection systems
  • Share insights on the technical risk levels of ZIVVER with the ISO and management.
  • Increase security awareness and knowledge
  • Run our vulnerability disclosure program on HackerOne

Benefits 

  • An exciting, fast-growing, energetic environment;
  • Flexible working hours;
  • A pension plan;
  • Free lunch at HQ;
  • Great office and awesome people with different nationalities;
  • At least €1.000,- per year on personal development budget.

 

Requirements

  • Experience with a cloud based infrastructure, preferably AWS
  • Experience with vulnerability management, threat management and intrusion detection
  • Experience with SIEM products
  • Experience with SRE (Site Reliability Engineering)
  • Experience with DevOps or DevSecOps
  • Experience with a Java ecosystem
  • Knowledge of security in the CI/CD pipeline
  • If it ain’t automated, it ain’t fixed
  • You are a self-starter, but know how to involve your stakeholders
  • Ethical hacking experience is a plus
  • Professional level of English