Information security engineer

Keepit is a cloud-to-cloud backup company offering customers the assurance of a third party independent backup of their critical business data when moving to the cloud. Maintaining confidentiality, integrity and availability of customer data backup sets is key to our continued success.

As the business is growing so is the effort required to design, implement, execute, review and refine security practices throughout the organisation.

Documentation, third party auditing and certification are important to work areas as they allow our organisation to continuously improve and they provide our global customer base assurance that our company and our service can be trusted to look after the most important data of our customers.

About the project:

The goal of Keepit is to provide data management and monitoring solutions that brings value for all. We will reach this goal by developing our products making them the simplest on the market, requiring the least effort from you as a user to enjoy. Our motto is "Less is More" or "Keep it Simple".

As an Information Security Engineer your main areas of work will be assisting the existing team with:

1) Clarifying security postures to partners and larger customers

2) Implementing, executing, reviewing and refining security practices

and procedures

3) Contributing documentation eventually leading to ISO27001 certification

4) Third party audits, penetration tests as well as internal audits

5) Risk assessment work based on NIST SP800-30

You need to have a good understanding of information security in general and a reasonably strong technical foundation to understand the threats, risks and mitigations that can apply to building and operating a cloud service trusted to hold the data of customers across the planet.

You are able to find, read and understand regulatory and legal texts and compare our solution and our security posture to requirements in such texts. Such comparisons can form the basis for changes in product, processes or contracts with customers.

You understand the difference between "risk management" and "risk avoidance".

You have sufficient technical insight to read and understand the Turing Award paper "Reflections on Trusting Trust" and you can see how this is relevant in a broader setting in todays connected world.

Desired skills are:

1) Excellent communication skills; the ability to clearly state a message to a broad audience

2) Pragmatism; we work in the real world

3) Good understanding of risk management

4) Good understanding of information security

5) Sufficient technical foundation to understand larger internet-based systems

6) Good written and spoken English

7) Attention to detail

Bonus skills are:

1) Experience bridging policy and implementation

2) Experience in software development

3) Experience managing Linux systems

4) Working knowledge of git and LaTeX

5) Even more attention to detail

We are looking for a dedicated individual with potential - long industry experience is nice but not a requirement.