Senior Information Security Engineer

Job not on LinkedIn

🔥 0 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

3Pillar Global

WebsiteLinkedInAll Job Openings

1001 - 5000 employees

☁️ SaaS

🏢 Enterprise

🤖 Artificial Intelligence

💰 Private Equity Round on 2021-10

SaaS • Enterprise • Artificial Intelligence

3Pillar Global is a modern application strategy, design, and engineering firm that specializes in delivering strategic software development initiatives for various industries. They offer a range of services, including application technology strategy, digital product engineering, data and analytics, and artificial intelligence development. 3Pillar Global focuses on helping organizations transform their bold ideas into breakthrough solutions by leveraging cutting-edge technologies such as generative and multimodal AI. They work with partners and clients across multiple sectors, including healthcare, financial services, insurance, media, and information services, to solve complex technology challenges and deliver high-performing results.

📋 Description

• Own the end-to-end vulnerability management program across our SaaS products, cloud infrastructure, containers, and endpoints including identification, triage, prioritization, remediation tracking, and reporting • Operate and tune SAST, SCA, and dependency-scanning tooling (e.g., Snyk, GitHub Advanced Security/Dependabot) and partner with engineering teams to drive timely remediation • Monitor runtime and infrastructure telemetry (e.g., Datadog) for security signals; investigate alerts and lead containment and follow-up actions • Track and report on vulnerability SLAs, mean-time-to-remediate, and other security KPIs to leadership • Enhance the security posture of our Microsoft Azure environment including identity, networking, data, and workloads through configuration hardening, policy enforcement, and continuous monitoring • Administer and improve Microsoft Intune for endpoint configuration, compliance, and mobile device management • Tune and maintain Microsoft Defender (Endpoint, Cloud, and related products) for threat detection, response, and reporting • Implement and operate Microsoft Purview controls for data classification, DLP, and information protection • Draft, update, and maintain corporate information security policies, standards, and procedures aligned to recognized frameworks (e.g., SOC 2, ISO 27001, NIST CSF) • Lead the response to customer and prospect security questionnaires, RFPs, and due-diligence requests, and maintain a reusable response library • Support vendor risk assessments and third-party security reviews • Assist with internal and external audits, evidence collection, and remediation of findings • Partner with Engineering on secure SDLC practices, threat modeling, and code review guidance • Contribute to security awareness training, phishing simulations, and a strong security culture across the company • Help mature incident response playbooks and participate in tabletop exercises and on-call rotations as needed

🎯 Requirements

• 4–6 years of professional experience in information security, application security, cloud security, or a closely related role • Hands-on experience securing SaaS applications and workloads running in Microsoft Azure • Demonstrated experience with vulnerability management tooling and process including triage, prioritization (e.g., CVSS, EPSS, exploitability context), and driving remediation through engineering teams • Working proficiency with several of the following: Microsoft Intune, Microsoft Defender (Endpoint/Cloud), Microsoft Purview, Datadog, GitHub (Advanced Security, Dependabot, code scanning), and Snyk • Solid understanding of identity and access management concepts, particularly Microsoft Entra ID (Azure AD), conditional access, and least-privilege design • Experience writing or substantially contributing to security policies, standards, or procedures • Experience responding to customer security questionnaires and supporting compliance efforts (SOC 2, ISO 27001, or similar) • Strong written and verbal communication skills and able to translate technical risk for both engineers and non-technical stakeholders.

🏖️ Benefits

• flexible work environment • focus on wellbeing with fitness offerings and mental health plans (country-dependent) • generous time off • career growth and development opportunities