The Company Cover Genius is a Series E insurtech that protects the global customers of the world's largest digital companies including Booking Holdings, owner of Priceline, Kayak and Booking.com, Intuit, Uber, Hopper, Ryanair, Turkish Airlines, Descartes ShipRush, Zip and SeatGeek. We're also available at Amazon, Flipkart, eBay, Wayfair and SE Asia's largest company, Shopee. Our partners integrate with XCover, our award-winning insurance distribution platform, to embed protection for millions of customers worldwide each year.
Our team and products have been recognized with dozens of awards including by the Financial Times which ranked Cover Genius as the #1 fastest-growing company in APAC in 2020. Our diverse team across 20+ countries and many language groups commit itself to diverse cultural programs, in particular "CG Gives" which makes social entrepreneurs out of us all and funds development initiatives in global communities.
Our People are Bold, Authentic, Purposeful and Inspired
Our People are not Perfect, Traditional, Complacent or Cautious
About the role As a Security Engineer, you'll maintain and improve the security of the organization's data and systems. You will be working across a wide range of technical functions to improve the platform and corporate security.
The ideal candidate will have a robust understanding of information security standards, a flair for strategizing and implementing security measures, and a track record of managing employee compliance. Familiarity with identity providers such as Okta is vital. This role will also work independently to improve application and platform security, collaborate with other teams, and undertake regular security testing.
Responsibilities include: Incident Management: Detect, investigate, and respond to security incidents as part of the security team, including on-call duties, to promptly and effectively handle security issues.Security Strategy: Develop, execute, and maintain the company's information security strategy in accordance with evolving industry standards and threats.Risk Assessment & Mitigation: Identify, analyze, and document all potential security risks, and develop and implement effective mitigation strategies.Training & Compliance: Create and deliver comprehensive training materials to all employees about their security and compliance responsibilities. Oversee employee adherence to these policies, addressing non-compliance as required.Security Automation & Software Implementation: Develop and manage security automation tools and oversee the implementation of new software, ensuring seamless integration with existing security systems.Third-Party Management: Handle due diligence questionnaires submitted by third-party partners.Vendor Assessment: Conduct thorough assessments of new and existing IT vendors, including reviewing their certifications and processes to ensure that they comply with our security requirements and best practices.Identity Management: Manage and oversee the operations of identity providers, such as Okta, to ensure secure and efficient access across the organization.Application & Platform Security: Work independently to enhance the security of our applications and platforms. Collaborate with various teams across the organization for regular security testing and to implement platform security improvements.Your day-to-day will involve: Writing Risk Management Framework (RMF)-based policies and procedures, and developing comprehensive cyber security processes to contain implementation.Assessing cloud infrastructure against security best practices and compliance requirements.Remediating and/or coordinating with appropriate teams to ensure strategies are in place to mitigate cloud infrastructure security issues.Assisting other engineering teams to implement a shift left security culture e.g., pipeline SAST/DAST.Providing advice, tooling and training to allow engineering teams to secure their web applications.Creating and rolling out MDM policies to corporate devices and ensuring corporate devices are compliant with security policies.Provisioning, deprovisioning and tracking employee hardware.Partaking in technical design reviews, integration, testing, and documentation work.Providing information to current and prospective customers/partners regarding security.Conducting risk assessments for current and potential Cover Genius vendors.Assisting employees with corporate policy compliance.Coordinating and conducting regular access reviews.Creating security awareness training for employees.Assisting the organization in increasing Phishing awareness by creating phishing campaigns.Assisting the organization in meeting compliance framework requirements (e.g., SOC2).Coordinating scheduled external security testing (e.g., annual penetration testing).Ideally you will have technical experience in: Strong attention to detail with an analytical mind and outstanding problem-solving skills.Passion for security and awareness of current best practices and trends in the security space.Experience with AWS and/or GCP platforms and associated security best practices.Experience in securing web applications and frameworks.Experience with organization management tools (e.g., Google Workspace, Okta).Comfortable scripting & developing internal tooling with at least one programming language and ideally some experience with shell scripting (e.g., bash).Experience working with infrastructure & configuration as code tools such as Terraform.Experience with container technology such as Docker and Kubernetes and general familiarity with cloud native approaches to infrastructure & security.Experience working with Linux.Basic understanding of networking and system architecture.Bachelor's Degree in Computer Science/Engineering, Information Security, or equivalent practical experience.To be successful in this role you have: Strong communication and documentation skills (both written and spoken).Curious and self-motivated learner.Professional approach.Good team member.Organizational and time management skills.Excellent attention to detail.Positive approach to change.
#J-18808-Ljbffr
