Cyber Security Engineer

Posted Oct 12

πŸš€ What does Finalis do?

Finalis is the leading platform enabling the securities brokerage landscape to operate legally and compliantly. The firm delivers a white-labeled regulatory affiliation and compliance back-office solution that supports a wide range of private market dealmaking including M&A, capital raising, private placements, direct participation programs, fintech marketplaces, and alternative investment sponsors.

Finalis provides additional leverage to securities brokers with the Finalis Platform, which delivers a hassle-free deal management solution and a Marketplace that connects brokers with one another to gain insights and explore collaborations.

Launched in 2020 and growing rapidly, the SF- and NYC-based firm is on a mission to power dealmakers by building the world’s largest dealmaking platform.

Join us in disrupting the securities industry, for good.

🌍 How does Finalis work?

We are a fully-remote company with Finalists distributed between the time zones of Eastern Standard Time and Eastern European Time .

If you’re located outside this time zone range, depending on the needs of your team, you may be requested to be available during specific hours.

Although we don’t have an official physical place to work, we promote gathering with your team or other colleagues whenever possible.

🀝 What about your team?

As Finalis continues to rapidly grow, we seek to bring on a skilled Security Cloud Engineer. Be part of the team harnessing the full power of the cloud to create extraordinary new value for the world 's leading organizations. From architecture professionals, data security specialists to software developers, you'll join the best in the industry, leveraging agile methodologies across the technology stack to drive 360˚ value for clients.

✨ What will you be doing?

  1. Participate in compliance enforcing security standards such as SOC2 and ISO 27001.
  2. Contribute to design the infrastructure architecture and suggest recommendations on security aspects. Contribute to threat modeling and attack surface analysis.
  3. Assess security risks and their impact on applications and infrastructure using tools such as Nessus, Burp Suite, NMAP, OWASP ZAP, etc.
  4. Monitor and analyze system alerts to identify and block malicious behavior and activities.
  5. Execute incident response plans, identify root cause and drive mitigations to prevent future incidents.
  6. Document all actions taken as part of the investigation, such as work instructions.
  7. Continuously improve processes through automation and creation of tools using Python, Go or similar.
  8. Generate vulnerability, configuration, and coverage metrics and reports to demonstrate assessment coverage and remediation effectiveness for systems and infrastructure.
  9. Assist with the development of processes and procedures to improve threat and vulnerability management and security center operations
  10. Educate and advocate for improved security throughout the data ecosystem.
  11. Hardening Cloud infrastructure.
  12. Generate security incident reports, security assessment reports, security procedures.

πŸ’¬ Who are we looking for

  • Blue teamer with hands-on experience hardening cloud servers, Docker Containers, and K8S.
  • Knowledge of OWASP application security standards, CIS Benchmarks, etc.
  • Experience in planning and testing for business continuity and disaster recovery
  • Experience with network and endpoint security tools such as EDR, IDS, SIEM, WAF.
  • Experience using AWS security tools.
  • Understand vulnerability assessments and experience in red teaming and penetration testing used to identify weaknesses and mitigations.
  • Security Event Management: Triage, analysis and response activities.
  • Knowledge of scripting languages such as bash, Python, GO, etc.
  • Excellent communication skills (written and verbal) as well as comfort and experience in delivering presentations.
  • Ability to quickly adapt to changing priorities, demands, and timelines through analytical and problem-solving capabilities.
  • Bonus Track!
  • Graduated and/or student of careers related to Systems.
  • Security related certification such as CEH, CISM, CCSS, CCCA, CCCS, CompTIA Security+, CISSP, GSEC etc. (Desirable)
  • AWS Infrastructure Certifications Desirable: AWS Solution Architect, AWS Security Specialist. (Desirable)
  • Experience with Github Actions, CI/CD.
  • A minimum of 3 years of experience.

🌟 What do we offer?

  • 100% Remote work (Work from wherever you want!)
  • Competitive USD salary
  • USD $20 per month for Internet expenses
  • Generous Paid time-off (Vacation Time!)
  • 17 Flex Days (to use in national holidays or personal matters)
  • Professional Growth Benefit (take your skills to the next level!) πŸš€
  • People Team Partner (to target your roadblocks and customize an action plan for your career path)
  • Buddy Program
  • Virtual After-Office Activities
  • Diverse Culture & Inclusive environment