As a Security Engineer at Lemonade Finance, you will advocate for information security throughout all our software development and business processes. You will work with other Application Developers and System Engineers to protect our customers and Lemonade Finance’s business.
- Conduct internal security and confidential information investigations and information security audits.
- Provide guidance on risk, compliance, and policy to technical and non-technical internal customers.
- Respond to security violations, vulnerabilities, and incident detections.
- Assess and secure third-party integrations, services, solutions and partnerships, ensuring controls are implemented to the highest security standards.
- You will develop and deploy security tools and automations.
- Provide security training and guidance to internal teams and customers.
- Ensure timely delivery of security goals, and make recommendations for incremental process improvement.
- Contribute to / provide feedback on the development of security standards and control requirements.
- You possess a breadth of knowledge and experience across the information security domain, such as endpoint security, identity management, cloud security, detection engineering, vulnerability management, incident response, and threat intelligence.
- Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.).
- Experience in Network security controls for egress and ingress Network Firewall, WAF, and DDOS.
- Experience with Amazon Web Services (AWS) products and security controls.
- Current knowledge around web and mobile application vulnerabilities, attacks, and mitigation methods.
- Experience with information security frameworks and industry regulatory compliance – SOC2, PCI DSS, ISO.
- Strong ability to take ownership of assigned tasks and responsibilities.
- Must display high level of critical thinking in order to weigh alternatives and presentsolutions that are consistent with requirements.
- You have hands-on experience investigating security events and incidents across complex and heterogeneous environments, preferably including AWS.
Nice to have
- BSc in Engineering or Computer Science, or other relevant degree.
- Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units.
- Experience with developing and maintaining relevant security assessment risk metrics.
- Curiosity and drive to learn new technologies, methodologies and best practices
- Security related certifications such as CEH, CISSP, CISM, AWS Certified Security – Specialty.