Description:

Mondoo is seeking a skilled Security Policy Engineer to join their dynamic team, focusing on enhancing the security of their platform.
The role involves translating complex security requirements into code and implementing security policies across the infrastructure.
Responsibilities include collaborating with various teams to ensure systems meet high security standards and automating security practices through a "policy as code" approach.
Key tasks include developing and maintaining security policies, integrating them into CI/CD pipelines, designing automated security checks across cloud environments, and conducting security assessments.
The engineer will also contribute to internal security tools, optimize existing policies, and provide guidance on best practices.

Requirements:

A Bachelor's degree in Computer Science, Cybersecurity, or a related field is required.
Candidates must have 3+ years of experience in security engineering or policy implementation.
Strong programming skills in at least one language such as Go, Python, or Java are necessary.
Experience with policy as code frameworks like Open Policy Agent or HashiCorp Sentinel is required.
Proficiency in writing and maintaining infrastructure as code using tools like Terraform or CloudFormation is essential.
A solid understanding of cloud security principles and best practices is needed, along with knowledge of at least one major cloud platform (AWS, Azure, or GCP).
Extensive experience with Linux and Windows operating systems is required.
Candidates should have an in-depth understanding of TCP/IP networking protocols and concepts.
Experience with container technologies and orchestration, such as Docker and Kubernetes, is necessary.
Familiarity with common compliance standards like CIS, SOC 2, ISO 27001, and HIPAA is required.
Experience with version control systems, preferably Git, is essential.
Excellent problem-solving and analytical skills are necessary, along with strong written and communication skills in English.
The ability to articulate complex security and IT concepts to both technical and non-technical audiences is required.

The position offers the opportunity to have a direct impact on the Mondoo Platform and its security practices.
Employees will work in a remote environment, providing flexibility in their work location.
The role allows for collaboration with various teams, enhancing professional growth and learning opportunities.
Employees will stay up-to-date with emerging security threats and best practices, contributing to their professional development.
The company encourages participation in the RFC process, allowing for input in security architecture and policy decisions.