Lead Cyber-Security Engineer

Position: Lead Cyber-Security Engineer

Line Manager: Director of Engineering - Security                                                     

Location: Albany, New Zealand

Purpose of the Role

Our purpose is delivering intelligence you can trust, for a better world tomorrow. 

With a large established base in New Zealand and a rapidly growing business in the United States and recent relaunch in Australia, the Cyber-security Engineer role will be a key role to help EROAD meet its ambitious strategic and commercial goals.

The outcomes to be delivered in this role are

• Lead our small Security Engineering team work plan and task management to ensure outcomes and milestones are met 
• Work cross-functionally across governance, defence and operations
• Security policies and procedures development and maintenance
• Internal compliance and audits (SOC2 and later ISO27001/2)
• Assisting customers with cyber-security enquiries and questionnaires
• Vendor security due-diligence
• Cyber-security maturity assessments
• Developing and facilitating internal cyber-security awareness programmes
• Host vulnerability analysis and risk triage – including co-ordinating efforts with responsible teams
• Assisting teams with secure cloud infrastructure design
• Cyber-security incident response and management of incidents
• Threat intelligence – including building up 6 monthly internal threat intelligence reports
• Development and maintenance of monthly security reports for the governance committee
• Threat hunting
• Monitoring our security platforms for threats and responding to them (detect and response) including custom policy development
• SOAR automations development in Python
• Keeping up to date with latest cyber security tools and techniques including regular training with our cyber-security training platforms

Key Skills and Experience

• Demonstrable experience with public cloud environments, particularly Azure and AWS
• Proven expertise in cyber-security, especially in threat monitoring, hunting, and the use of EDR and SIEM tools
• Proficient in coding and scripting (e.g., Python) for SOAR automation and custom detection policies
• Familiarity with security frameworks, with preferred certifications such as SOC2 and/or ISO27001/2
• Experience collaborating with senior stakeholders
• Skilled in information security policy development
• Track record of leading teams to achieve targeted outcomes
• Adept at interacting with customers during security assessments
• Understanding of agile software engineering principles

This Job Description is not intended to be complete or limiting. EROAD is in a “high growth” mode and the role will require a proactive and flexible approach to manage tasks that support a rapid and innovative environment.