Platform Security Engineer

We are looking for a Platform Security Engineer to join our Platform team and own the technical security of our live infrastructure end-to-end. You will set the hardening baseline, lead vulnerability and penetration testing, drive disaster recovery readiness, and translate regulatory requirements into technical controls that hold up under audit. This is a hands-on, high-ownership role with direct impact on how securely we operate and grow.

Key Responsibilities

•

Define and maintain security hardening baselines for Azure tenants, codify security guardrails for the Avarda Azure tenant including: landing zones, secure-by-design patterns, networks segmentation, security policy. Vulnerability scan for public products domains.

•

Define and maintain on-prem security hardening baselines: Server hardening, network segmentation and integration with Azure, identity security baselines, and produce compliance reports.

•

Lead pen/penetration testing technically: scope tests, triage findings, drive remediation, and report on progress.

•

Own the vulnerability management end-to-end: tooling, integration, prioritization, remediation tracking, reporting.

•

Own response to security alerts and incidents raised by supplier (like TRUESEC, BaffinBay), Microsoft Defender, and other detection sources — triage, lead remediation across infrastructure, and close the loop with the SOC and CISO function. Collaborate with supplier to evaluate and improve monitoring, alerting, and protection capabilities across security platforms.

•

Own the continuous security improvement backlog for our infra. — drive Azure Secure Score uplift, drive on-prem infra. Security improvement.

•

Drive Disaster Recovery technical readiness: draft, test, and maintain DR plans alongside system owners and CISO function.

•

Drive DevSecOps initiatives across CI/CD and software supply chain security, including security scanning, dependency/vulnerability detection, secrets management, and pipeline hardening. Serve as a security partner for developers and promote secure engineering practices.

•

Compliance technical execution at infrastructure level: ISO 27001 / NIST CSF mapping, technical evidence and responses for internal and external audits.

•

Technical risk assessments for new infrastructure tooling, significant architectural changes, and vendor onboarding that touches infrastructure.

Qualifications and Experience

•

5+ years in infrastructure security, platform security engineering, or security architecture roles spanning both cloud and on-prem environments.

•

Deep, current Azure security expertise — Defender for Cloud, Microsoft Sentinel, Azure Policy, Entra ID, PIM, etc.

•

On-prem infrastructure security: Server hardening, network segmentation, certificate management.

•

Vulnerability management at scale: tooling, prioritization frameworks, working with system owners to close findings.

•

Penetration test coordination: scoping, technical triage, remediation tracking. Hands-on with continuous testing platforms (Pentera or similar) appreciated.

•

Disaster recovery: drafting plans, running tests, working with system owners.

•

Compliance fluency: hands-on experience mapping ISO 27001 or NIST controls to technical infrastructure implementations and supporting external audits.

•

DevSecOps fluency: shift-left scanning, secrets management, policy as code.

•

Threat modelling at architecture level (STRIDE or equivalent, applied in practice).

•

Comfortable communicating with engineers, risk and compliance teams, and external auditors.

•

Builds rather than gatekeeps — ships secure tooling other engineers want to use, rather than policy documents they ignore.

•

Comfortable with multiple stakeholders.

•

Pragmatic over perfect — accepts that security wins by being adopted, not by being theoretically ideal.

•

English — professional working proficiency in writing and speaking (required).

•

Bachelor's degree in Computer Science, Software Engineering, or a related technical field.