
Senior Information Security Engineer
Posted May 19

This is a fully remote position, open to applicants in Turkey.
• Lead the execution, upkeep, and ongoing enhancement of the ISO 27001 Information Security Management System (ISMS), which encompasses control maturity tracking and audit preparedness.
• Assist in SOC 2 Type II compliance initiatives, including the implementation of controls, collection of evidence, and coordination of audits.
• Perform and document internal audits, oversee findings, and ensure follow-up on remediation strategies across various teams.
• Be responsible for the evolution of the company-wide risk management program, which includes the risk register, scoring methodology, risk acceptance, and exception processes.
• Offer governance and security oversight for AWS environments, focusing on cloud security posture, access controls, and configuration standards.
• Collaborate with both Red Team and Blue Team to monitor, prioritize, and resolve technical security issues.
• Maintain, revise, and implement security policies, standards, and procedures throughout the organization.
• Create and deliver security awareness and training programs tailored for various roles (engineering, operations, business).
• Lead assessments of third-party vendors' security, including risk evaluation, tiering, and continuous monitoring.
• Support and manage security incident response, reporting, and post-incident review processes.
• Contribute to data protection and privacy governance (KVKK, GDPR), including Data Protection Impact Assessment (DPIA) processes and data lifecycle management.
• Promote governance practices for AI/LLM, including secure usage policies, data exposure controls, and risk assessments for AI tools.
• Serve as a security consultant for business units and engineering teams, aiding in secure architecture, design reviews, and risk-based decision-making.
• Participate in security architecture and design review processes, including threat modeling and guidance on secure design.
• Coordinate and enhance business continuity and disaster recovery (BCP/DR) processes, which involve testing, documentation, and continuous improvement.
• In-depth knowledge of ISO 27001, ISMS processes, internal audits, and control frameworks.
• Practical experience with risk management methodologies, including risk identification, scoring, and tracking mitigation efforts.
• Familiarity with Business Continuity Management (BCM) and disaster recovery planning.
• Strong understanding of AWS services and cloud security governance, including IAM, logging, and baseline hardening.
• Knowledge of the SOC 2 Type II framework and its control domains.
• Comprehension of data security principles, including data classification, inventory, and protection mechanisms.
• Experience with vendor security and third-party risk management processes.
• Understanding of privacy regulations such as KVKK and GDPR, including practical application.
• Familiarity with AI/LLM risks and governance concepts is highly advantageous.
• Excellent documentation and reporting skills for audits, compliance, and executive visibility.
• Experience in responding to customer security inquiries and audits.
• Strong analytical thinking and capability to evaluate both technical and business risks.
• Ability to take ownership of security domains and drive initiatives from start to finish.
• Exceptional written and verbal communication skills in English.
• Strong collaborative skills with both technical (engineering, DevOps) and non-technical teams.
• Ability to comprehend and convey the business impact of security-related decisions.
• Capable of assessing the security posture across cloud, application, endpoint, and data layers.
• Comfortable serving as a trusted advisor and consultant to internal stakeholders.
• Proactive attitude with a focus on continuous improvement.
• Willingness to provide on-call support for security-related incidents when required.
• Ownership of security-related projects from planning through execution to closure.
• Ability to track, validate, and resolve findings from audits, pentests, and internal reviews.
• Experience using ticketing systems (such as Jira) to manage security tasks and follow-ups.
• Actively engages in team collaboration, knowledge sharing, and process enhancement.
• Ability to communicate effectively with internal teams, auditors, and external stakeholders.
• Maintains a positive and solution-focused mindset in a dynamic environment.
• Enjoy a monthly meal allowance designed to enhance your daily routine.
• Access comprehensive private health insurance.
• Feed your curiosity with access to Spotify, LinkedIn Learning, Blinkist, MasterClass, Neoskola, and CloudGuru.
• Level up with internal trainings covering AI fundamentals, coding, foreign languages, and a wide range of personal development skills.
• Be part of a diverse team that’s as global as it gets, where every voice is heard and 50+ nationalities build together.
• Become a Shareowner through our eligibility-based “ESOP” and own a piece of what you build.
• Help build the team you want to work with and enjoy rewarding referral bonuses.
• Opportunities to give back to your community through volunteering and purpose-driven social impact projects.
• From global retreats to team-building activities, expect year-round events that turn into lifelong memories.
• Get inspired by the greatest minds in the tech industry through events like our Tech & Dev Talks.
• Work from anywhere in Turkey through our fully remote setup.