Ibexlabs
Website: ibexlabs.com
Job details:
What Ibexlabs Does
Ibexlabs is one of the leading software development and service companies. We build cloud native B2B SaaS software helping customers in their cloud transformation journey. We are rapidly growing and looking to hire smart people who can continue fueling our growth and be part of our success journey.
Position Details
Job Purpose
We are looking for a Security Engineer with 3 years of experience in a public cloud environment who is passionate about security design, architecture and implementation, and keen to learn new technologies and grow in their career.
As a Security Engineer, you will guide our customers through assessments of their public cloud infrastructure against the AWS Well-Architected Framework, with remediation and recommendations. You will also help our customers become SOC 2 (Service Organisation Control) certified, including creating policies and procedures, and you will guide and mentor the rest of the team members.
Responsibilities and Requirements
- Manage and maintain compliance programs across frameworks such as SOC 2, ISO 27001, HIPAA, GDPR, Cyber Essentials and related regulatory standards using compliance automation platforms including Drata and Sprinto.
- Coordinate end-to-end audit activities, including evidence collection, auditor coordination, remediation tracking, and compliance readiness management.
- Conduct enterprise risk assessments, vendor security assessments (VASQ), and vulnerability management activities to identify and mitigate security and compliance risks.
- Administer and monitor security tools such as JumpCloud and Trend Micro, including access management, endpoint security monitoring, and incident response support.
- Perform vulnerability assessments and remediation tracking using tools such as AWS Inspector, Nmap, Detectify, and OWASP ZAP.
- Coordinate penetration testing engagements, track remediation activities, and support security improvement initiatives across customer and internal environments.
- Develop, review, and maintain security policies, procedures, runbooks, and compliance documentation aligned with industry standards and organizational requirements.
- Execute periodic security awareness training, phishing simulation campaigns, incident response exercises, and business continuity/disaster recovery testing.
- Conduct periodic administrative access reviews, log monitoring, and security control validations to ensure compliance with internal security standards and regulatory requirements.
- Collaborate with cross-functional teams, auditors, vendors, and stakeholders to support security operations, compliance initiatives, and continuous improvement activities.