Security Engineer

Company Status

• Web apps built with React.js
• Django backend with data managed in PostgreSQL
• Deployed on AWS, CI/CD pipelines in action
• Agile project management, Kanban and Scrum combined for long-short term planning

We Offer

• Competitive salary
• Mac machine
• Fun and flexible startup culture
• Hackathons, weekly sharing sessions and happy-hour gatherings
• Flexible working hours
• 5-day work week and 15 days annual leave
• Benefits include medical / dental coverage
• Hong Kong working visa sponsorship (onsite position)

How to Apply

A description of your work history (whether as a resume, GitHub profile, LinkedIn profile, or prose)

• Mail to careers@bowtie.com.hk or
• Apply via AngelList

Responsibilities

• Build/deploy/maintain security controls, instrumentation and detection infrastructure
• Investigate security events, or better yet, automate the investigation and remediation of security events
• Conduct in-depth research on attacker profiles and infrastructure to better predict and prevent future attacks
• Develop and implement solutions to ensure privacy policies are correctly implemented.
• Collaborate with product development teams creating new uses of data to assess data use and employ privacy features.
• Assist with data subject privacy rights requests; designing services to assist with response and assessing improvements to architecture.
• Analyze, design and program software enhancements to mitigate privacy vulnerabilities and prevent potential future privacy risks.
• Act as key interface to data science and analytics communities both within and outside of the organization.

Requirements

• Experience or understanding of software applications design tools and languages
• Demonstrated working knowledge of software engineering fundamentals.
• Experienced establishing and approving security policies, controls, and cyber incident response programs
• Ability to perform system analysis of investigations after breaches or incidents, including impact analysis and making strategic recommendations for avoiding similar vulnerabilities
• Ability to assess and manage privacy risks, policies, and control implementation
• Strong understanding of AWS services and architectures
• Experienced in penetration testing
• Experienced in ensuring global compliance with the changing laws and applicable regulations
• Experience driving programs necessary to achieve ISO27001, SSAE16/18 SOC2, GDPR, or equivalent certifications, where appropriate.