Senior Security Operations Engineer

About Toptal

Toptal is a global network of top talent in business, design, and technology that enables companies to scale their teams, on-demand. With $200+ million in annual revenue and team members based around the globe, Toptal is the world’s largest fully remote workforce.

We take the best elements of virtual teams and combine them with a support structure that encourages innovation, social interaction, and fun. We see no borders, move at a fast pace, and are never afraid to break the mold.

Job Summary:

As a Senior SecOps Engineer at Toptal, you will work with Development, IT Operations, Infrastructure teams, and Risk & Compliance, empowering the company with the knowledge and tools needed to protect Toptal’s products vigilantly. You help to ensure they are well-armed to maintain the highest security standards, safeguarding the company’s future. You will conduct assessments, automate operational workflows, and hold security training for the Engineering function.

This is a remote position. We do not offer visa sponsorship or assistance. Resumes and communication must be submitted in English.

Responsibilities:

The following information is intended to describe the general nature and level of work being performed. It is not intended to be an exhaustive list of all duties, responsibilities, or required skills.

• Run security assessments and advise developers on remediation.
• Educate staff on personal, corporate, architecture, and development security best practices.
• Contribute to application designs and solutions and assist with code reviews.
• Raise security concerns to the forefront.
• Conduct targeted educational sessions and workshops to elevate the security knowledge of staff across personal, corporate, architectural, and development domains.
• Champion security within the organization by proactively identifying and raising security issues, and advocating for security-first practices.
• Maintain security development lifecycle and integrate them into the CI pipeline.
• Develop and maintain active monitoring tools.
• Provide timely and adequate information about the current state of Toptal security.
• Contribute with Risk & Compliance on corporate security practices, standards and policies.
• Respond to any ongoing or completed incidents, help teams to find the root cause, and set possible action points.

Qualifications and Job Requirements:

• 3+ years experience in application security, with a strong understanding of security principles and practices across engineering teams.
• Demonstrated ability to lead security initiatives and spread a comprehensive security mindset across engineering areas.
• Proficiency in coaching, mentoring, and providing guidance to engineering teams to enhance their security skills and awareness.
• Experience in developing and proposing security guidelines and best practices tailored to diverse engineering needs.
• Solid background in application development using at least one modern programming language.
• Familiarity with CI/CD tools like Docker, Jenkins, and GitHub Actions, as well as cloud platforms (preferably GCP).
• Knowledge of Infrastructure as Code (IaC), with experience in tools like Terraform.
• Understanding of OWASP methodology, and awareness of web and mobile vulnerabilities.
• Familiarity with common security standards such as ISO/IEC 27000-series, GDPR, SOC2, and PCI.
• Experience in using SAST and DAST tools like Snyk, BurpSuite, OWASP ZAP, and others.
• Familiarity with Cloud Compliance tools, such as InSpec.
• Strong problem-solving skills with the ability to consider and integrate multiple solutions.
• High enthusiasm for technology with a proactive approach to learning and adopting new tools and practices.
• Open to and appreciative of constructive feedback, promoting a collaborative and learning-focused work environment.
• Holds one or more current, valid security-related certifications (preferred).
• Outstanding written and verbal communication skills, capable of effectively articulating security concepts to diverse audiences.
• Ability to work in a fast-paced, rapidly growing company and handle a wide variety of challenges, deadlines, and a diverse array of contacts.
• You must be a world-class individual contributor to thrive at Toptal. You will not be here just to tell other people what to do.