Security Engineer (QB-SE-20250530)

We are building an Agile Security Operations team of Security Engineers with complementary skill sets to tackle challenges across our infrastructure and product. This role offers an exciting opportunity for someone who can contribute in areas like vulnerability management, monitoring, penetration testing, and incident response. You will be solving complex challenges, bridging the gap between compliance and operations, and driving excellence in security across cloud infrastructure, on-premise systems, and SaaS applications. 

What You’ll Do:

• Infrastructure Security
• Support and secure identity (SSO) and device trust across endpoints, SaaS applications, and custom middleware.
• Work with AWS serverless architecture and on-premise Point of Sale devices to enhance security across hybrid environments.


• Penetration Testing
• Organize and execute infrastructure tests across:
• Our corporate infrastructure (identity, SaaS, endpoints).
• Our product (AWS cloud and on-premise devices).
• Our software (containers and applications).
• Document findings and coordinate remediation efforts with stakeholders.


• Monitoring & Incident Response
• Build and refine SIEM workflows for event alerting, triage, and response.
• Lead or support investigations into internal security incidents.
• Develop and maintain incident response playbooks.


• Vulnerability Management
• Conduct scans and report on vulnerabilities across the stack, from SaaS and endpoints to containers and custom applications.
• Collaborate with engineering teams to remediate issues and continuously improve security posture.


• Optimization & Innovation
• Automate repetitive tasks and optimize processes using scripting or no-code/low-code tools.
• Leverage creative problem-solving to address operational challenges effectively and efficiently.
• Leverage no-code/low-code tools to design custom middleware, automate workflows, and improve efficiency.


• Compliance-Driven Assurance
• Integrate SOC 2, PCI, and ISO certification requirements into operational security processes.
• Collaborate with cross-functional teams to ensure compliance without sacrificing operational flexibility.
• Contribute to a culture of assurance that goes beyond formulaic compliance to deliver real business value.

What You Bring:

• 3+ years of experience in security engineering or operations, with demonstrated expertise in one or more of the following: penetration testing, monitoring, incident response, or vulnerability management.
• Strong knowledge of identity systems, SaaS applications, AWS architecture, and on-premise device management.
• Proficiency in scripting (JavaScript, Python, PowerShell, etc.) or no-code/low-code tools to automate tasks and workflows.
• Familiarity with SIEM tools, EDR platforms, and containerized environments.
• Understanding of compliance frameworks such as SOC 2, PCI, and ISO.
• Strong collaboration and communication skills with a customer-focused mindset.