Senior Security Engineer (a)
TIS (Treasury Intelligence Solutions GmbH), founded in Walldorf, Germany in 2010, is a global leader in managing corporate payments. The Financial Times named TIS as one of “Europe’s Fastest Growing Companies” for 2019. Offered as Software-as-a-Service (SaaS), the TIS solution is comprehensive, highly-scalable, cloud platform for company-wide payments and cash management. For businesses, TIS creates a community of trust and empowers customers to make better decisions with 100% real-time cashflow visibility. Key benefits are lower costs, risk prevention, a higher degree of transparency and fast worldwide roll-outs. For banks and partners, TIS generates growth and revenue opportunities through continuous innovation for better payment experience.
The TIS solution has been successfully used for many years in both large and medium-sized companies, including Adecco Group, Hugo Boss, Fresenius, Fugro, Lanxess, OSRAM and QIAGEN. More than 25% of DAX companies are already TIS customers. The high level of security and deep integration of the platform with existing ERP systems is certified by ISO-27001, SAP, SOC 1, SOC 2, and TISAX. Your World of Payments. One Login.
Working at TIS
- As part of our culture, we pursue new ideas, we think big, embrace the impossible [INNOVATION] and we are free to make our own decisions [EMPOWERMENT] by communicating precisely [COLLABORATION] and supporting each other to exceed our high standards [EXCELLENCE]
- We respect both our personal and professional life so they would amplify each other
- Flat hierarchies and direct contact to the management with regular feedback sessions in a very modern company what gives you a great opportunity for open collaborations and to be an “entrepreneur within the company” to play a critical role in TIS´s success story
- Working in our Information Security department, you would be joining one of our most fundamental international divisions, which is focused on always improving our security procedures. We would count on you for the overall security performance on a company level
- And last, but not the least, we offer great remuneration and social package
- Own, improve and run used security monitoring environments with SIEM. Provide security event analysis and escalation for identified threats.
- Collaborate with the internal teams to resolve identified security weaknesses and pro-actively look for weaknesses and vulnerabilities by running security testing tooling and reviewing configurations;
- Ensure security of Corporate and Product environments through security control implementation and continuous review.
- Work with AWS to secure, monitor, investigate and respond to detected security events. Continuously drive to improve security of the AWS.
- Take ownership of security incident management and act as a technical leader for security incident management and related forensics analysis.
- Manage penetration tests as well as oversee and execute vulnerability management program. Support vulnerability analysis: identify, analyze, prioritise, collaborate to address with responsible teams.
- Develop security monitoring and testing automation, including Policy-by-Code (Rego) and tool integrations to CI/CD.
- Support compliance efforts and audits, monitor compliance status
- 4+ years experience in Information Security in various roles as well as experience of working in operational roles;
- Experience in at least one of the programming languages (Python, Ruby, Java);
- SIEM experience (e.g. OpenSearch), experience from developing alert rules and use of threat intelligence as part of analysis process;
- Experience on securing AWS environments and use of security services; CloudWatch, GuardDuty, Security Hub. Perform IAM reviews and SCP development.
- Broad exposure to a range of security technologies, including WAF, DLP, IDS/IPS, IdAM, Certificate Management, SIEM, Endpoint Protection, Anti-malware and vulnerability management.
- Working knowledge of common application and network security assessment tools and techniques such as nmap, nessus, burpsuite, etc.
- Management and securing Linux and Windows based systems.
- Virtualization and containerization environments and technologies, such as Docker and Kubernetes
- Strong communication and presentation skills, including to C-level
- Considered as an advantage is: experience in Application Security with understanding of OWASP, Secure SDLC processes and how they apply to agile development model; experience in Terraform; working knowledge of forensics tools and performance of forensic analysis in Linux, Windows and AWS targets
- Fluent in Business English
- Strong communication, presentation skills and ability to influence peers and drive for results.
- Ability to educate and influence peers on information security
- Enjoy working independently, in an accomplishment-oriented, fast-paced environment.
Your contact at TIS
Your contact at TIS