Security Engineer

Cover Genius

Software Engineering
Sydney, NSW, Australia
Posted on Aug 28, 2024
The Company
Cover Genius is a Series E insurtech that protects the global customers of the world’s largest digital companies including Booking Holdings, owner of Priceline, Kayak and Booking.com, Intuit, Uber, Hopper, Ryanair, Turkish Airlines, Descartes ShipRush, Zip and SeatGeek. We’re also available at Amazon, Flipkart, eBay, Wayfair and SE Asia’s largest company, Shopee. Our partners integrate with XCover, our award-winning insurance distribution platform, to embed protection for millions of customers worldwide each year.
Our team and products have been recognized with dozens of awards including by the Financial Times which ranked Cover Genius as the #1 fastest-growing company in APAC in 2020. Our diverse team across 20+ countries and many language groups commits itself to diverse cultural programs, in particular “CG Gives” which makes social entrepreneurs out of us all and funds development initiatives in global communities.
Our People are
Bold, Authentic, Purposeful and Inspired
Our People are not
Perfect, Traditional, Complacent or Cautious
About the role
As a Security Engineer, you’ll maintain and improve the security of the organization's data and systems. You will be working across a wide range of technical functions to improve the platform and corporate security.
The ideal candidate will have a robust understanding of information security standards, a flair for strategizing and implementing security measures, and a track record of managing employee compliance. Familiarity with identity providers such as Okta is vital. This role will also work independently to improve application and platform security, collaborate with other teams, and undertake regular security testing.
Responsibilities include:

  • Incident Management: Detect, investigate, and respond to security incidents as part of the security team, including on-call duties, to promptly and effectively handle security issues.
  • Security Strategy: Develop, execute, and maintain the company's information security strategy in accordance with evolving industry standards and threats.
  • Risk Assessment & Mitigation: Identify, analyze, and document all potential security risks, and develop and implement effective mitigation strategies.
  • Training & Compliance: Create and deliver comprehensive training materials to all employees about their security and compliance responsibilities. Oversee employee adherence to these policies, addressing non-compliance as required.
  • Security Automation & Software Implementation: Develop and manage security automation tools and oversee the implementation of new software, ensuring seamless integration with existing security systems.
  • Third-Party Management: Handle due diligence questionnaires submitted by third-party partners.
  • Vendor Assessment: Conduct thorough assessments of new and existing IT vendors, including reviewing their certifications and processes to ensure that they comply with our security requirements and best practices.
  • Identity Management: Manage and oversee the operations of identity providers, such as Okta, to ensure secure and efficient access across the organization.
  • Application & Platform Security: Work independently to enhance the security of our applications and platforms. Collaborate with various teams across the organization for regular security testing and to implement platform security improvements.

Your day-to-day will involve:

  • Writing Risk Management Framework (RMF)-based policies and procedures, and developing comprehensive cyber security processes to contain implementation.
  • Assessing cloud infrastructure against security best practices and compliance requirements
  • Remediating and/or coordinating with appropriate teams to ensure strategies are in place to mitigate cloud infrastructure security issues.
  • Assisting other engineering teams to implement a shift-left security culture, e.g. pipeline SAST/DAST.
  • Providing advice, tooling and training to allow engineering teams to secure their web applications.
  • Creating and rolling out MDM policies to corporate devices and ensuring corporate devices are compliant with security policies.
  • Provisioning, deprovisioning and tracking employee hardware or, where appropriate, ensuring that any BYO hardware is used in a sufficiently controlled fashion in compliance with infosec policies.
  • Partaking in technical design reviews, integration, testing, and documentation work.
  • Providing information to current and prospective customers/partners regarding security.
  • Conducting risk assessments for current and potential Cover Genius vendors.
  • Assisting employees with corporate policy compliance.
  • Coordinating and conducting regular access reviews.
  • Creating security awareness training for employees.
  • Assisting the organization in increasing phishing awareness by creating phishing campaigns.
  • Assisting the organization in meeting compliance framework requirements (e.g. SOC2).
  • Co-ordinating scheduled external security testing (e.g. annual penetration testing).

Ideally you will have technical experience in:

  • Strong attention to detail with an analytical mind and outstanding problem-solving skills.
  • Passion for security and awareness of current best practices and trends in the security space
  • Experience with AWS and/or GCP platforms and associated security best practices
  • Experience in securing web applications and frameworks
  • Ideally some experience with Organization management tools (e.g. Google Workspace, Okta)
  • Comfortable scripting & developing internal tooling with at least one programming language and ideally some experience with shell scripting (e.g. bash)
  • Ideally some experience working with infrastructure & configuration as code tools such as Terraform
  • Ideally experienced with container technology such as Docker and Kubernetes and general familiarity with cloud native approaches to infrastructure & security
  • Experience working with Linux
  • Basic understanding of networking and system architecture
  • Bachelor Degree in Computer Science/Engineering, Information Security, or equivalent practical experience

To be successful in this role you have:

  • Strong communication and documentation skills (both written and spoken)
  • Curious and self-motivated learner
  • Professional approach
  • Good team member
  • Organizational and time management skills
  • Excellent attention to detail
  • Positive approach to change