wefox is a world-leading insurtech company driven by a single purpose: to enable people to be safe by making insurance 10 times better through technology. Together with more than 1300 employees in 8 locations across Europe, we are on a mission to give the world easy access to digital insurance solutions.
We provide our customers with 360-degree advice through our network of advisors and optimize each individual’s risk coverage by offering innovative prevention, assistance, and insurance products. We integrate the extensive know-how built up in the individual countries and the exchange of experience to build strong expertise among the wefox technology experts in our Tech Hubs in Barcelona, Paris, and Milan.
As a Cyber Security Engineer, you will play a pivotal role in ensuring the security and integrity of wefox information systems. Reporting directly to the Chief Information Security Officer (CISO), you will be responsible for implementing and managing security measures, conducting penetration testing, identifying vulnerabilities, and spearheading efforts to achieve ISO 27001 certification. Additionally, expertise in cloud security (AWS, GCP, Azure) and experience with Extended Detection and Response (XDR) solutions will be essential components of this role.
In this role you will:
- Penetration Testing:
- Conduct regular penetration tests on the organisation's systems and networks to identify vulnerabilities.
- Collaborate with external security experts if necessary to ensure a comprehensive assessment.
- Provide detailed reports and recommendations to the CISO for remediation.
Vulnerability Management:
- Implement and manage a robust vulnerability management program.
- Work closely with IT teams to prioritise and remediate identified vulnerabilities.
- Stay abreast of the latest security threats and vulnerabilities to proactively address potential risks.
ISO 27001 Certification:
- Develop and execute a roadmap for ISO 27001 certification in collaboration with the CISO.
- Conduct gap analysis against ISO 27001 requirements and implement necessary controls.
- Ensure compliance with ISO 27001 standards and maintain documentation for certification purposes.
Cloud Security:
- Apply expertise in cloud security, with a focus on AWS, GCP, and Azure.
- Implement and maintain security controls specific to cloud environments.
- Conduct risk assessments and ensure the secure configuration of cloud services.
Extended Detection and Response (XDR):
- Utilise XDR solutions to enhance threat detection and response capabilities.
- Collaborate with the security operations team to analyse and respond to security incidents.
- Optimise XDR tools for improved visibility and incident investigation.
Security Policies and Procedures:
- Assist in the development and enforcement of security policies and procedures.
- Educate employees on security best practices and ensure adherence to established policies.
Incident Response:
- Participate in the development and testing of an incident response plan.
- Assist in responding to and mitigating security incidents, working closely with relevant stakeholders.
Security Awareness:
- Conduct training sessions and awareness programs for employees on cybersecurity best practices.
- Foster a security-conscious culture within the organisation.
Security Monitoring:
- Implement and manage security monitoring systems, detect and respond to security incidents in a timely manner.
- Participate in the implementation of SOC/SIEM capabilities.
- Develop and maintain security monitoring dashboards.
Collaboration:
- Collaborate with IT teams, system administrators, and other relevant stakeholders to implement security measures.
- Work closely with the CISO to align security strategies with organisational goals.
What you bring:
- Having at least 5+ years of full-time dedicated experience leading Security focused roles on delivering security on distributed architectural solutions in complex environments.
- Strong understanding of network security, encryption, and firewall technologies.
- Proficiency in conducting penetration testing and vulnerability assessments.
- Familiarity with security tools and technologies, including cloud security solutions and XDR platforms.
- In-depth knowledge of ISO 27001 standards and certification process.
- Experience in developing and implementing information security management systems (ISMS).
- Cloud Security Expertise
- XDR Proficiency: Experience working with Extended Detection and Response (XDR) solutions.
- Bachelor’s degree in Computer Science, Engineering or related field; or equivalent combination of education/professional experience in a similar role.
- CISSP – Certified Information Systems Security Professional (big plus)
- CCSP – Certified Cloud Security Professional
- AWS – Certified Security Specialty (big plus)
- AWS – Solutions Architect Associate/Professional
- CompTIA Security+
- CompTIA CASP+
- EC-Council Certified Ethical Hacker (CEH)Fluent English, written and spoken. Spanish and German are a plus.
What we offer:
Now, we’ve gotten to the fun part, the part where you get to brag about your company, those perks your friends are so jealous of!
Here are some of them*:
- Flexible working hours including hybrid working
- A stack of the latest technologies and working gadgets
- Training and Coaching opportunities
- Free coffee, fruit and snacks, because we need fuel!
If you love a less-formal work environment, flexible paid time off, a great compensation package and benefits offering - and most of all, being the authentic you, get in touch, we want to meet you!
To all the misunderstood geniuses, rebels and mavericks looking to change the world for the better. Come work with us!
* Additional Benefits vary between countries and can be explained in more detail by a TA Partner.
Your contact person for this role is Shivani Bhardwaj.
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.
By submitting the application I confirm to have read and accepted the data privacy policy governing the job application process.