ROLE
We are seeking a Software Security Engineer experienced with compliance audits and frameworks such as SOC 2 Type II, FedRAMP and ISO.
This role is responsible for leading security and compliance initiatives with internal and external teams and stakeholders, driving certification processes, and ensuring that all policies, processes and procedures are met and documentation is maintained.
The ideal candidate will have a deep understanding of information security principles, infrastructure management and secure software development practices and tools.
PROFILE
- Collaborate with cross-functional teams to integrate state-of-the-art security controls at every step, from design, development and quality assurance to maintenance of systems
- Discover, assess and report vulnerabilities and escalate issues if needed
- Review architectures and system designs, identify weaknesses and propose improvements
- Develop and promote best security practices, design and architecture patterns to engineering teams
- Analyze findings from different tools and pen tests, and support DevSecOps pipeline development
- Develop and maintain tools / scripts to help teams to achieve secure coding practices
- Collaborate with Product Owners and business stakeholders to prioritize and assess security-related tasks
- Monitor latest industry security developments, analyze impact, and work with teams to mitigate risks
- Manage the SOC 2 Type II audit process for infrastructure systems, collaborating with both internal teams and external auditors.
- Maintain expert knowledge of our systems infrastructure, ensuring it meets SOC 2 Type II compliance requirements and other regulatory standards.
- Develop, implement, and maintain procedures and policies to ensure system compliance with SOC 2 Type II and other applicable regulations.
- Communicate effectively with stakeholders, auditors, and team members regarding compliance matters and audit processes.
- Manage remediation efforts to address any identified system vulnerabilities or issues.
- Provide training and guidance on compliance matters to other team members.
- Conduct regular security assessments of applications, identifying vulnerabilities and taking appropriate mitigation measures.
- Participate in incident response and cyber security investigations.
- Proven experience with SOC 2 Type II audits in a system-focused role.
- In-depth knowledge of IT systems infrastructure, including both on-premises and cloud-based systems, and related security principles.
- Understanding of regulatory requirements, risk management methodologies, and security frameworks.
- Excellent problem-solving, communication, and project management skills.
- Active security industry certifications such as OSCP are a strong advantage.
- 2+ years of experience in cybersecurity, software development or IT Operations
- Experience in SAST and DAST
- Experience with Pentest is a plus
- Experience in software programming, preferably Java or .NET
- Experience in Infrastructure as code tooling, preferably Terraform and Ansible
- Basic knowledge of relational databases, e.g., Oracle, SQL Server and PostgreSQL
- Strong interpersonal, communication and teaching skills
- Strong analytical skills
- Passion for excellence and willingness to become a key team player
- Ability to multi-task, self-direct and manage deadlines; team-oriented
- Fluent in English; French is an asset
- Bachelor's degree in Information Technology, Computer Science, or a related field.
- Relevant professional certifications (CISSP, CISM, CISA, etc.) are strongly preferred.
JOIN US:
Our success comes from our highly skilled and talented employees
Respectful entrepreneurship and a long-term vision are key for success
Our people contribute to a more secure world
Diversity at all levels of an organization is a strength