Senior Security Engineer

Krakow

OANDA

Learn why OANDA has been a leading broker for over 25 years.

View all jobs at OANDA

Everyone at OANDA is focused on our vision to transform how our customers can meet all their currency needs. We are revolutionising the world of currency trading by providing innovative trading experiences, currency data and analytics solutions. Dare to be open, bold, focused - own it and apply! The future is now! 

Join us and:

  • Work on an award-winning platform that processes billions of dollars every day.

  • Be on a team that’s responsible for company-wide top priority projects.

  • Contribute innovative ideas to improve the daily trading experience of thousands of customers.

  • Improve yourself and your team through education and continuous learning.

How do we work? 

This is a hands-on position where you’ll have the opportunity to suggest, evaluate, take ownership, implement, configure and maintain numerous security solutions, investigate security incidents, perform application security reviews, vendor security assessments, write code for security sensitive applications, and other activities that can help improve OANDA’s security posture.

Do you know any other way to make our environment more secure? At OANDA you'll have the opportunity to put it into practice.

In this role, you will:

  • Act as the point of contact for Secure Software Engineering activities and reviews

  • Help define Security processes and standards; own the education, implementation, and monitoring of them, especially application-security standards.

  • Drive the Vulnerability Management process; develop and implement procedures, and best practices to enhance the organization's security posture.

  • Conduct security assessments and audits to identify vulnerabilities and recommend remediation strategies.

  • Collaborate with cross-functional teams to ensure compliance with security policies and regulations.

  • Work with our engineering, ITSM, and project management teams to embed security components into our secure SDLC.

  • Respond to security incidents and perform investigations.

  • Spread Security Awareness across the company, but attending guild meetings, demos, and presenting at engineering all-hands and corporate townhalls.

  • Find opportunities for automating security.

  • Assist in audit and compliance activities.

  • Perform internal penetration tests.

  • Monitor and implement strategies and technologies to secure our Google Cloud environment, including the deployment and configuration of CSPM tools to monitor and manage the security posture of cloud environments.

What skillset you need, to be successful in this role:

  • 2+ years in software development experience, with a strong understanding of the software development lifecycle and experience in at least one development language (C++, Java, Python, JavaScript)

  • Strong knowledge of at least one of the following scripting languages (Bash, Python, PowerShell)

  • Excellent communication (English)

  • Ability to work autonomously, and multi-task multiple projects at a time

  • Deep knowledge of at least two Operating Systems (Linux, and at least one of Windows or macOS)

  • Excellent understanding of network, web, authentication, cryptography and security protocols. Including tools used to perform their analysis

  • Good knowledge in general security principles and best practices; and how to leverage them in a global, financial and regulated environment

  • Knowledge of infrastructure, including firewalls, networks, load balancers, servers, and their security considerations in both on-premise and cloud environments.

  • Experience in improving the security of software development process

  • Working experience with compliance standards and frameworks such as CIS, NIST, PCI-DSS, GDPR, SOC2 and ISO27001

Nice to have:

  • Certifications with emphasis on Information Security such as CIPP, CISSP, CompTIA Security+ and CRISC

  • Knowledge of additional programming languages (.NET, Go)

  • Experience with Google Cloud Platform (GCP)

  • Experience working in a regulated environment, particularly with financial regulators (NFA, MAS, FCA, CIRO, JFSA, KNF, ASIC)

OANDA Global Corporation is a diverse and global team with offices around the world. We value the unique skills and experiences each individual brings to OANDA. We are committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide an inclusive and accessible environment for everyone. Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment and selection process, please let us know. We will work with you to provide as seamless a recruitment experience as possible.

Learn more about our culture here.

Review OANDA Privacy Policy and learn more about how we treat your personal data and protect your privacy. 

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  1  0  0

Tags: Analytics Application security Audits Bash C CIPP CISSP Cloud Compliance CompTIA CRISC Cryptography CSPM Firewalls GCP GDPR ISO 27001 Java JavaScript Linux MacOS Monitoring NIST PowerShell Privacy Python Scripting SDLC Security assessment SOC 2 Vulnerabilities Vulnerability management Windows

Perks/benefits: Career development

Region: Europe
Country: Poland

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.