Security Engineer | 安全工程師

About Us

Bowtie's mission is to create a digital insurance platform that brings greater good to consumers. As we grow towards that mission, we're looking for highly dynamic, hands-on and passionate talent to our team. (1. Web apps built with React.js 2. Django backend with data managed in PostgreSQL 3. Deployed on AWS, CI/CD pipelines in action 4. Agile project management, Kanban and Scrum combined for long-short term planning)

We Offer

  • Competitive salary
  • Fun, co-operative and flexible startup culture
  • Weekly sharing sessions and regular happy-hour gatherings
  • Flexible working hours
  • 5-day work week and Annual Leave
  • Benefits include medical/ dental coverage and wellness program
  • Professional Development Sponsorship
  • Hong Kong working visa sponsorship (onsite position)
  • Coaching by experienced engineers and domain experts
  • Direct exposure to various aspects of insurance operations
  • Agile task management

How to Apply

A description of your work history (whether as a resume, GitHub profile, LinkedIn profile, or prose)

About the Role

  • Build/deploy/maintain security controls, instrumentation and detection infrastructure
  • Investigate security events, or better yet, automate the investigation and remediation of security events
  • Conduct in-depth research on attacker profiles and infrastructure to better predict and prevent future attacks
  • Develop and implement solutions to ensure privacy policies are correctly implemented
  • Collaborate with product development teams creating new uses of data to assess data use and employ privacy features.
  • Assist with data subject privacy rights requests; designing services to assist with response and assessing improvements to architecture.
  • Analyze, design and program software enhancements to mitigate privacy vulnerabilities and prevent potential future privacy risks.
  • Act as key interface to data science and analytics communities both within and outside of the organization.

About You

  • Experience or understanding of software applications design tools and languages
  • Demonstrated working knowledge of software engineering fundamentals
  • Experienced establishing and approving security policies, controls, and cyber incident response programs
  • Ability to perform system analysis of investigations after breaches or incidents, including impact analysis and making strategic recommendations for avoiding similar vulnerabilities
  • Ability to assess and manage privacy risks, policies, and control implementation
  • Strong understanding of AWS services and architectures
  • Experienced in penetration testing
  • Experienced in ensuring global compliance with the changing laws and applicable regulations
  • Experience driving programs necessary to achieve ISO27001, SSAE16/18 SOC2, GDPR, or equivalent certifications, where appropriate.