Senior Cyber Security Engineer

As Roof Stacks, we have been carrying out innovative projects since 2015. We aim to become a global actor in Tourism Systems, Extended Reality(AR/VR), Blockchain Technologies, Game Development, and Financial Technology, which are our areas of expertise.

We focus on creating a difference with the technologies we develop and designing the future. In addition to our central office in Ataşehir/İstanbul, we have branches in Antalya and Elazığ in Turkey.

We have strengthened our position in the global market by opening a new office in Austin, USA, which hosts world technology giants from all over the world.

Job requirements:

1. Extensive experience leading application security teams, preferably within SaaS environments.
2. Exceptional communication and interpersonal abilities, capable of effectively collaborating with multidisciplinary teams.
3. Advanced analytical and management skills.
4. Deep knowledge of common application security risks, such as those listed in the OWASP Top 10, and best practices in secure coding.
5. Expertise in cloud security services across AWS, Google Cloud, and/or Azure, including IAM, key management, and secure networking practices.
6. Proficiency with penetration testing tools and techniques.
7. Experience in Security Incident management and/or operating within a SOC (Security Operations Center), including familiarity with SIEM systems, is advantageous.
8. Familiarity with containerization and cloud-native security tools (e.g., AWS Security Hub, Google Security Command Center, Azure Defender).
9. Relevant professional certifications (e.g., CISSP, CISM, SANS GIAC, OSCP, AWS Security Specialty, Google Professional Cloud Security Engineer) are beneficial.
10. Proficient in both written and spoken English.
11. Prior remote work experience is not mandatory but is considered an asset.

Key Responsibilities:

1. Direct and oversee the application security program, ensuring it aligns with the broader Security strategy.
2. Support the platform team in their day-to-day operations, projects, and personal development through guidance and mentorship.
3. Manage the vulnerabilities management process in close collaboration with the Engineering teams, providing important metrics to the Security Director.
4. Champion the adoption of Secure Development Life Cycle practices within the Platform Engineering team.
5. Maintain robust security architecture across Platform, Data, Development, and Product teams.
6. Implement threat modeling practices into product design and development processes.
7. Aid in the enhancement and upkeep of security tools used in the CI/CD pipeline.
8. Organize and facilitate penetration testing activities, including defining the scope, planning, and analyzing outcomes.
9. Collaborate with infrastructure and cloud teams to ensure secure configurations across multi-cloud environments, including AWS, Google Cloud, and Azure.
10. Develop and implement security best practices for containerized applications and orchestration tools (Docker, Kubernetes, GKE, AKS).
11. Provide leadership in incident response processes, ensuring robust cloud-based security incident management and recovery procedures.
12. Conduct regular audits of cloud security configurations, ensuring compliance with industry standards and frameworks.