Lead Cyber Security Engineer

As Roof Stacks, we have been carrying out innovative projects since 2015. We aim to become a global actor in Tourism Systems, Extended Reality(AR/VR), Blockchain Technologies, Game Development, and Financial Technology, which are our areas of expertise.

We focus on creating a difference with the technologies we develop and designing the future. In addition to our central office in Ataşehir/İstanbul, we have branches in Antalya and Elazığ in Turkey.

We have strengthened our position in the global market by opening a new office in Austin, USA, which hosts world technology giants from all over the world.

Job requirements:

Requirements:

• Extensive experience leading application security teams, preferably within SaaS environments.

• Exceptional communication and interpersonal abilities, capable of effectively collaborating with multidisciplinary teams.

• Advanced analytical and management skills.

• Deep knowledge of common application security risks, such as those listed in the OWASP Top 10, and best practices in secure coding.

• Expertise in cloud security services across AWS, Google Cloud, and/or Azure, including IAM, key management, and secure networking practices.

• Proficiency with penetration testing tools and techniques.

• Experience in Security Incident management and/or operating within a SOC (Security Operations Center), including familiarity with SIEM systems, is advantageous.

• Familiarity with containerization and cloud-native security tools (e.g., AWS Security Hub, Google Security Command Center, Azure Defender).

• Relevant professional certifications (e.g., CISSP, CISM, SANS GIAC, OSCP, AWS Security Specialty, Google Professional Cloud Security Engineer) are beneficial.

• Proficient in both written and spoken English.

• Prior remote work experience is not mandatory but is considered an asset.

Key Responsibilities:

Key Responsibilities:

• Direct and oversee the application security program, ensuring it aligns with the broader Security strategy.

• Support the platform team in their day-to-day operations, projects, and personal development through guidance and mentorship.

• Manage the vulnerabilities management process in close collaboration with the Engineering teams, providing important metrics to the Security Director.

• Champion the adoption of Secure Development Life Cycle practices within the Platform Engineering team.

• Maintain robust security architecture across Platform, Data, Development, and Product teams.

• Implement threat modeling practices into product design and development processes.

• Aid in the enhancement and upkeep of security tools used in the CI/CD pipeline.

• Organize and facilitate penetration testing activities, including defining the scope, planning, and analyzing outcomes.

• Collaborate with infrastructure and cloud teams to ensure secure configurations across multi-cloud environments, including AWS, Google Cloud, and Azure.

• Develop and implement security best practices for containerized applications and orchestration tools (Docker, Kubernetes, GKE, AKS).

• Provide leadership in incident response processes, ensuring robust cloud-based security incident management and recovery procedures.

• Conduct regular audits of cloud security configurations, ensuring compliance with industry standards and frameworks.