Senior Cybersecurity Engineer

About Medius

Medius is a Swedish origin company & a leading global provider of cloud-based SaaS spend management solutions, helping organizations drive their business forward by enabling best-in-class process efficiency, cost-savings, and greater financial control. 

Spend management doesn’t ring a bell? This term describes the process from placing an order through its delivery, verification, invoicing to its payment. Our products help companies at every step of the purchasing process, increasing their security and speeding it up. We use the latest advances in artificial intelligence (AI) and machine learning to automatically capture and process invoices.

If you are seeking a stimulating environment characterized by unparalleled momentum and rapid growth, look no further. Join us as we lead the charge in reshaping the future of spend management, setting new standards of excellence, and driving impactful change across industries.

For more info: www.medius.com

About the job

We are seeking a skilled and motivated Senior Cybersecurity Engineer to enhance the
security posture of our organization. You are a good fit if you have in-depth expertise in
securing Microsoft 365 and Azure environments, pentesting, and incident response. You
will be responsible for implementing security controls, detecting vulnerabilities, and
responding to security incidents to safeguard our digital assets.
The successful candidate must adopt constructive dialogue and seek resolution when
confronted with discordant views. Engineers in this role need a combination of
troubleshooting, technical, and communication skills. This role will provide career growth
opportunities as you gain new skills in the course of your duties in securing top-tier AIpowered solutions.

Some of the tasks you will be performing

• Microsoft 365 & Azure Security:
  • Configure, monitor, and manage Microsoft Defender, Microsoft Sentinel, Azure
  • Security Center, Azure Purview, Microsoft Intune, Defender for Cloud for compliance, and enhance security posture.
• Penetration Testing & Vulnerability Management:
  • Conduct regular penetration testing to identify and exploit security vulnerabilities in applications, networks, and cloud infrastructure.
  • Collaborate with developers, IT, and business teams to remediate vulnerabilities identified through security assessments.
  • Investigate findings using CTI platforms.
  • Utilize security tools to perform automated vulnerability assessments and analyze the results to prioritize security efforts.
  • Closely monitor supply chain security and third-party risk management.
• Incident Response:
  • Monitor systems, logs, and alerts for signs of a potential breach.
  • Act as the primary point of contact for managing and leading security incidents,
    including analysis, containment, and mitigation.
  • Document incidents and develop post-incident reports to identify lessons learned and enhance the incident response plans.
  • Help implement automation in incident response.
• Collaboration & Reporting:
  • Collaborate with cross-functional teams to integrate security best practices into
    system design and architecture.
  • Generate security reports and dashboards for stakeholders, showing security posture, compliance status, and incidents.
  • Help address our compliance needs with respect to ISO27001, SOC1, and SOC2 reporting requirements.
  • Stay updated on the latest security trends, vulnerabilities, and technology developments to maintain effective defenses.

Requirements for the position

• Engineering degree in Cybersecurity or related field, or equivalent work experience.
• Minimum of 5 years of experience with any combination of the following:
  • Hands-on experience in configuring and managing Azure and O365 security tools to monitor, detect, and prevent threats.
  • Strong understanding of OWASP Top 10 vulnerabilities and experience identifying these in real-world systems.
  • Experience developing and executing incident response plans and postincident reviews.
  • Experience implementing cloud-native security practices, such as infrastructure IaC security, DevSecOps integration, and container security.
• Additional qualifications
  • Proficiency in pentesting tools like Burp Suite, Metasploit, Kali Linux, Nmap, or others.
  • Good knowledge of NIST CSF, CIS Benchmarks, MITRE ATT&CK and D3FEND.
• Soft skills:
  • Excellent critical thinking skills with an initiative-taking approach to identifying and mitigating security risks.
  • Effective communication and collaboration skills to work effectively with cross functional teams.
  • Diligence and the ability to manage multiple tasks and priorities in a demanding environment.

What we offer

• An optimized on-boarding in order to facilitate the integration and the discovery of the teams
• A strong and positive company culture, with close-knit teams and a stimulating work environment
• All company seminars and celebration trips and other spontaneous events
• Multiple benefits such as a great health insurance, continuous training…