Security Engineer

The Role

As we continue to grow ensuring the security and integrity of our platform is more important than ever. Were looking for a Security Engineer to help shape the future of security at Masabi someone whos excited to build robust controls reduce risk and support our global compliance journey.

Youll work closely with teams across the business to maintain and improve our compliance posture (PCI DSS ISO27001 SOC2 drive vulnerability management and security tooling and support audits and client commitments. This is a highly collaborative role that blends technical insight with process improvement ideal for someone whos curious empathetic detailoriented and ready to make a positive impact.

Youll report directly to the Senior Director of Corporate IT Compliance and Customer Success.

Responsibilities

Compliance & Security Controls

Own and improve security controls aligned with PCI DSS SOC 2 and ISO 27001 supporting audits and recertifications

Ensure we stay auditready with control testing documentation and remediation

Partner with internal teams and auditors to manage evidence collection and compliance outcomes

Manage and track contractual security obligations flagging any billable work

Risk Management & Policy

Lead risk assessments identify control gaps and recommend mitigation strategies

Manage the lifecycle of security policies and standards making sure theyre practical uptodate and embedded across teams

Stay ahead of regulatory changes and industry trends to proactively adjust our security approach

Vulnerability Management

Own our vulnerability scanning and triage process prioritising risks and working with teams to close gaps within SLAs

Coordinate and follow up on biannual penetration tests

Monitor CVEs and evaluate impact across cloud infrastructure and code dependencies

Oversee patching compliance and ensure SSL certificates are uptodate

Automate scanning reporting and risk scoring wherever possible

Incident Response & Continuous Improvement

Own the lifecycle of security incidents from detection and response to lessons learned

Maintain uptodate incident response plans aligned with compliance standards

Implement and optimise tools to detect prevent and mitigate potential threats

Lead regular security reviews across cloud environments and code repositories

Track key risk indicators (KRIs) and report on security metrics to leadership

Support the completion of RFPs and customer security questionnaires

Qualifications : About You

Handson experience in security engineering compliance or risk management

Comfortable working with PCI DSS ISO 27001 SOC 2 and security audits

Solid understanding of vulnerability scanning pen testing and cloud environments (AWS)

Familiar with risk assessments mitigation strategies and patching workflows

Able to write clear documentation reports and policies

Collaborate curious proactive and always looking for ways to improve

Comfortable working independently in a remotefirst environment

Additional Information :

Some of our benefits

23 days holiday per year plus the Christmas Shutdown (another 34 days)

Private healthcare

Up to 1000 training budget per year

200 to spend on your home office

Choice of workstation

Menopause support

Ability to work for up to 3 months per year from any country in the world. Certain limitations may apply

Remote Work : Employment Type :

Fulltime

Key Skills

Splunk,IDS,Network security,Computer Networking,Identity & Access Management,PKI,PCI,NIST Standards,Security System Experience,Information Security,Encryption,Siem

Experience : years

Vacancy : 1