About Us: Versana is an industry-backed fintech on a mission to make the syndicated loan market better. By digitally capturing agent banks data on a real-time basis, Versana provides unprecedented transparency into loan level details and portfolio positions, bringing efficiency and velocity to the entire market. Through our platform, participants can rest assured they are accessing the loan market s most credible source of deal information.
About You: Versana is looking for an experienced Cloud Security Engineerto join our engineering squad. As SME for the cloud security, you will play a crucial role in safeguarding our organization's information systems and data from potential threats and vulnerabilities. You will work collaboratively with cross-functional teams to design, implement, and manage security solutions and practices that align with industry standards and best practices. Key Responsibilities
- Design and Implement cloud security architecture using zero-trust principles.
- Conduct threat modeling, security assessments, vulnerability scans, and penetration tests to identify weaknesses in our infrastructure.
- Deploy, configure, and maintain security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), anti-virus software, and encryption tools. Monitor security systems for suspicious activities and respond to security incidents promptly.
- Lead incident response efforts in the event of a security breach, including containment, investigation, and recovery. Document and report security incidents, providing recommendations for improvement.
- Collaborate with development teams to prioritize and remediate security vulnerabilities in application code/libraries.
- Stay current with emerging threats and cybersecurity trends. Research and evaluate new security technologies and solutions to enhance our security posture.
- Maintain comprehensive documentation of security configurations, procedures, and incident reports. Generate regular security reports for management and stakeholders.
Must Haves
- 7+ years of professional experience in the information security field.
- 3+ years of experience in cloud infrastructure engineering and operations
- 3+ years of experience in DevSecOps tools/processes
- Experience with Cloud-native security services and tools, Cloud Security Posture Management (CSPM), serverless and container security
- Understanding of Application Security principles, SAST, DAST and web application vulnerabilities such as OWASP Top 10, their risk and remediations
- Knowledge of networking and web protocols (TCP/IP, HTTP, TLS, REST), and the ability to analyze traffic to find anomalies.
- Experience with observability solutions like Datadog, Splunk, Elastic Stack, etc
- Experience integrating and interpreting security telemetry from security products such as VPNs, Mobile Device Management (MDM), SIEM in a cloud-native environment.
Nice to Haves
- Relevant industry certifications, such as CISSP, CISM, or CompTIA Security+
- Experience with Azure cloud
- Deep understanding of Cloud-Native Application Protection Platform (CNAPP)
Equal Opportunity Employer We are committed to providing equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.