Circularise / Den Haag (NL)
Your job will be to bullet-proof our products and internal systems, set up monitoring tools to detect security breaches, and design, implement and deploy incident response processes and tools. Your focus will include minimising the probability of a cyberattack, the time taken to mitigate one, and its impact on our users, team members, systems, and data; integrating learnings from these incidents; disseminating security best practices among the team; keeping up with industry trends and new forms of attacks; and continuously integrating those learnings into our practices, systems, tools, and IT infrastructure.
In this role, your main focus will be on:
* Defining, maintaining, and reviewing our security policy, including defining a suitable process for granting, revoking, and maintaining access rights based on roles across several different tools and systems.
* Identifying sensitive and security-critical areas of our systems and internal tooling, and applying robust, battle-tested mechanisms to secure them.
* Creating and maintaining automated pentests targeting sensitive and security-critical areas.
* Organising and orchestrating audits and pentests with third-party specialists.
* Planning, designing, and coordinating the implementation to achieve ISO27001 certification.
* Establishing back-up policies across all data storages, and defining RPOs and RTOs.
* Organising company-wide training and knowledge sharing sessions to raise security awareness.
* Defining clear roles and responsibilities for data access, data protection, data stewardship, as well as procedures for data breaches.
* Establishing effective observability and actively monitoring for cyberattacks, as well as coordinating the response to them.

2. A cultural fit interview to assess whether your working style fits with our values & culture
3. 1-2 technical assessments
4. Meeting with one of our Founders
Circularise is a supply chain traceability start-up founded in The Netherlands in 2016. We believe that end-to-end traceability holds the key to overcoming major challenges that society faces in areas such as Circular Economy, Environmental Pollution and Carbon Emissions. Therefore, it's our mission to bring traceability to global supply chains and to accelerate the world's transition to a Circular Economy.
We are not your typical scale-up and would love to invite you to get involved. You can learn more about Circularise at circularise.com/latest.

* You have at least 5 years of experience as a Security Engineer or similar role.
* You know and champion best practices in security, such as defence-in-depth, least privilege, MFA, automated data back-ups, etc.
* You have effectively deployed and are comfortable with security analysis tools, such as SonarQube, Sonatype, Snyk or any other related tool.
* Strong in-depth knowledge of OWASP, the Top Ten security risks, protection against them and mitigation.
* You have experience in performing pentests and following up on the findings, and are comfortable with organising routine security audits with external parties.
* Experience with IT management, including RBAC and IAM systems.
* Experience with managing iptables and firewall rules.
* Functional black-box understanding of cryptography (e.g. DSA, RSA, PKI, Diffie-Hellman, ECC).
Some of the technical bits we would value
* Experience with Python or other programming languages.
* Experience or knowledge of cloud technologies, such as Docker, Kubernetes, Google Cloud Platform, and Terraform.
* Experience with data storages, from the security point of view: encryption at rest, encryption in transit, access control, networking, etc.
* Experience with monitoring, tracing and debugging tools, such as Grafana, Sentry, NewRelic, Honeycomb, etc.
* Experience with alerting and escalation tools such as PagerDuty.
* Experience with DDoS protection and prevention.
* CISSP certification or similar.
* You are familiar with and able to implement some of the worldwide standards and legal requirements, such as SOC II, GDPR, SOX, NIST CSF.
* Knowledge of more modern cryptography techniques and applications, such as Zero Knowledge Proofs and blockchain technology.
* Experience with Apple Mobile Device Management and tools such as Mosyle.
Conditions and benefits
* Would you like to work at a company that is at the forefront of the sustainability game and where the sky is the limit for growth opportunities?
* Would you like to implement robust and battle-tested security mechanisms and practices to protect highly sensitive data in a growing organisation?
* Do you value work-life balance, flexible working hours, working from home, an informal working environment and good relationships with colleagues?

Circularise has an open, informal and growth-oriented culture. A place where you get a lot of freedom and responsibility right away and your opinion counts from day one. You get to work with an amazing group of people.
We offer you an environment in which you can grow and your impact will be of great value.
* Competitive salary; depending on experience & salary the range for this role starts at 70,000 with a maximum of 80,000
* Hybrid or remote position with flexible hours alongside an amazing diverse team
* Travel Allowance
* 25 paid vacation days (+7 official Dutch holidays), if living in the Netherlands
* Help shape a fast-growing scale-up into becoming the next Tech For Good unicorn
* Be part of a new industry standard
* A place to work where your input, creativity and personality are celebrated
* All the tools you need to be a high performer, including a state-of-the-art MacBook to work your magic
* We're a hybrid company, but our HQ is located in The Hague (in case you miss your colleagues)
The bits we really need you to have