Cloud Security Engineer

Location: Sydney, New South Wales, Australia
Department: Engineering

It’s meaningful, it’s rewarding and it’s a lot of fun! If you love the idea of collaborating on a global product and passionate about user outcomes, then join our journey.

Our Mission...

Trade Ledger is the world's first business global lending platform that transforms digital data in real time, allowing banks to assess and regularly update credit and default risk of businesses they lend to. We are a high-growth B2B enterprise technology provider who simplify and automate complex banking services.

Our mission is to make commerce simple, by enabling banks and other lenders to address the underserved £1.2 Trillion corporate credit market opportunity. We do this by reimagining credit in a digital world - connecting company supply chain digital data to the financial service provider.

The Role

This opportunity will see you responsible for embedding automated security best practises in our cloud infrastructure and promoting a DevSecOps culture through TradeLedger.

As a member of the DevSecOps team, you will be working closely with the infrastructure Team, the Risk & Compliance function, the Developers, and the outsourced security functions to analyse and implement mitigations to security findings.

Your tasks

  • Contributing to a high quality service and delivery culture.
  • Care for and nurture your team of Trade Legends but not afraid to be firm when required.
  • Ensure that there is an effective process of continuous improvement.
  • Designing and implementing the automation of security and compliance capabilities for cloud-based infrastructure at scale in support of DevSecOps processes.
  • Implementing and maintaining security tooling for vulnerability assessments in cloud infrastructure and code to reduce risks within the build/deploy process.
  • Ongoing monitoring of the organisation's application and infrastructure architecture; reporting security metrics to the Compliance team.
  • Offering expertise to other areas of the business supporting with the creation, development, and enforcement of “security by design”. patterns, architecture principles, governance, standards, and processes.
  • Ensuring change initiatives meet security architecture requirements.
  • Performing periodic security assessments and assisting with ad-hoc security investigations.

About you

  • Strong experience in the AWS Security Suite (AWS IAM, AWS SSO, Amazon Cognito, Amazon GuardDuty, Amazon Inspector, AWS Config, AWS CouldTrail, AWS Shield, AWS WAF, AWS CloudHSM, AWS Certificate Manager, AWS Secret Manager, Amazon Detective, AWS Audit Manager).
  • Thorough knowledge of Docker and Kubernetes including Pod Security Policies, Network Policies, Secret Management; Hardening of Docker images and EC2 instance; in-depth linux knowledge.
  • Hands-on experience of implementing and running Static Application Security Testing (SAST), Dynamic AppSec testing (DAST), and Software Composition Analysis (SCA).
  • Detailed understanding of attacks, threats, vulnerabilities, risks, and countermeasures frameworks (e.g. STRIDE, DREAD, PASTA, D3FEND, ATT&CK, OWASP, CIS benchmarks).
  • Designing, developing, documenting, testing, and debugging new and existing configuration management infrastructure as code and build automation with Terraform, Jenking, and Git.
  • Offensive Security (ethical hacking, pentest, bug bounties) and/or Defensive Security (Blue Team, SOC) experience is a plus.
  • Solid understanding of implementing ISO27001 technical controls in an agile environment.
  • Excellent communication and presentation skills.

If this role is right for you and you believe you can genuinely contribute to the ongoing success of our company, please hit ‘apply’.

Our Culture

Diverse, open team culture is our differentiator!  Be passionate, team focused, hard working and love what you do.  We actively invest in continuous professional development because we know that our people are the creators of our success.
Our interview panels are inclusive to ensure we do not discriminate against age, gender, sexual identity or preference or religion. 
Bring your authentic self and let's achieve awesome things together!

Discover Trade Ledger - Who we are, Our approach & Our People HERE

Trade Ledger does not accept CVs from recruitment agencies.

< Return to open role list