Cybersecurity Engineer

This is a fully remote position, open to applicants in India.

📋 Description

• Oversee, investigate, and respond to security events, alerts, threats, and incidents across various systems, networks, cloud infrastructures, and endpoints.

• Establish and uphold effective security controls throughout infrastructure, access, firewalls, endpoints, cloud, and system environments.

• Assist in security incident response activities, including investigation, containment, root cause analysis, and subsequent remediation.

• Identify, evaluate, prioritize, and aid in the remediation of vulnerabilities across operating systems, infrastructure, applications, and supporting services.

• Support the hardening of security measures and implementation of best practices across AWS and hybrid infrastructure environments.

• Help manage and enhance access control, password policies, account security, permissions, and associated operational processes.

• Review firewall configurations, network access, and infrastructure security settings to ensure adequate protection and adherence to best practices.

• Facilitate the use, enhancement, or deployment of security monitoring tools, including Security Information and Event Management (SIEM) solutions where applicable.

• Conduct or assist with vulnerability assessments, risk evaluations, security control testing, and tracking of remediation efforts.

• Collaborate with external vendors, penetration testers, or security auditors as necessary, and assist in addressing security findings.

• Develop and refine security procedures, runbooks, and operational practices that align with Toku’s internal security requirements.

• Collaborate closely with infrastructure, engineering, compliance, and business teams to implement effective security enhancements.

⛳️ Requirements

• Cybersecurity operations experience: Minimum of 3 years of relevant hands-on experience in cybersecurity, security operations, infrastructure security, or cloud security.

• Hands-on security implementation: Proven experience in implementing security controls, guardrails, monitoring, and remediation efforts in real production settings.

• Infrastructure security background: Extensive knowledge of systems, networks, firewalls, access control, endpoint security, and infrastructure hardening.

• Cloud security experience: Experience in securing cloud environments, preferably AWS, including cloud access controls, monitoring, vulnerability management, and security best practices.

• Incident response: Experience in investigating security incidents, alerts, suspicious activities, malware, vulnerabilities, or breaches in system/network security.

• SIEM exposure: Familiarity with SIEM or security monitoring tools, capable of investigating alerts and suggesting improvements.

• Vulnerability management: Experience in vulnerability assessment, remediation tracking, patching, risk assessment, or tools such as Tenable, Rapid7, Nexpose, or similar.

• Network & endpoint security: Solid understanding of firewalls, endpoint protection, Intrusion Detection / Prevention Systems (IDS/IPS), Web Application Firewalls (WAF), and related security tools.

• Linux & Windows security: Comfortable working in both Linux and Windows environments, including operating system security, patching, and hardening practices.

• Security testing awareness: Experience in supporting penetration testing, vulnerability assessment, or security control testing would be beneficial.

• Compliance awareness: Knowledge of security standards or frameworks such as ISO 27001, SOC 2, or similar would be advantageous, though this is not solely a governance role.

• Certifications (nice to have): Security certifications like CISSP, cloud security certifications, CREST, SANS/GIAC, or equivalent practical experience would be a plus.

• Independent working style: Ability to work autonomously, identify gaps, recommend enhancements, and follow through on practical security implementations.

🏝️ Benefits

• Health insurance

• 401(k) matching

• Flexible work hours

• Paid time off

• Remote work options