Senior Information Security Engineer

3Pillar Global3Pillar Global·Remote(Romania)
Software Development

WFA Digital Insight

As the demand for experienced information security professionals continues to soar, with a 25% increase in job postings over the past year, 3Pillar Global stands out for its commitment to innovation and security. With the rise of remote work, companies are seeking experts who can navigate the complexities of cloud security, compliance, and vulnerability management. This role is particularly interesting given 3Pillar Global's focus on engineering solutions that challenge conventional norms. Candidates should be prepared to showcase their expertise in security policies, threat modeling, and cloud security, as well as their ability to collaborate with engineering teams. Before applying, it's crucial to understand the current landscape of information security and how 3Pillar Global is positioned to address the evolving needs of its clients.

Job Description

About the Role

The Senior Information Security Engineer position at 3Pillar Global is a critical role that involves managing the end-to-end vulnerability management program, enhancing cloud and endpoint security, and ensuring governance, risk, and compliance. This role requires a deep understanding of information security principles, cloud security, and compliance frameworks. As a key member of the team, the successful candidate will work closely with engineering teams to drive timely remediation of vulnerabilities and implement security controls to protect the company's SaaS products and infrastructure.

The role is based in Romania and offers the opportunity to work with a talented team of professionals who are passionate about delivering innovative solutions. The position involves a mix of technical, strategic, and collaborative work, requiring excellent communication skills and the ability to translate technical risk to both engineers and non-technical stakeholders.

3Pillar Global is committed to fostering a culture of innovation and security, and this role plays a vital part in shaping the company's security posture. The ideal candidate will be a seasoned information security professional with a strong background in vulnerability management, cloud security, and compliance.

What You Will Do

  • Own the end-to-end vulnerability management program across SaaS products, cloud infrastructure, containers, and endpoints.
  • Operate and tune SAST, SCA, and dependency-scanning tooling, such as Snyk, GitHub Advanced Security, and Dependabot.
  • Monitor runtime and infrastructure telemetry for security signals and investigate alerts.
  • Lead containment and follow-up actions for security incidents.
  • Track and report on vulnerability SLAs, mean-time-to-remediate, and other security KPIs to leadership.
  • Enhance the security posture of the Microsoft Azure environment, including identity, networking, data, and workloads.
  • Administer and improve Microsoft Intune for endpoint configuration, compliance, and mobile device management.
  • Tune and maintain Microsoft Defender for threat detection, response, and reporting.
  • Implement and operate Microsoft Purview controls for data classification, DLP, and information protection.
  • Draft, update, and maintain corporate information security policies, standards, and procedures.
  • Lead the response to customer and prospect security questionnaires, RFPs, and due-diligence requests.

What We Are Looking For

  • 4-6 years of professional experience in information security, application security, cloud security, or a closely related role.
  • Hands-on experience securing SaaS applications and workloads running in Microsoft Azure.
  • Demonstrated experience with vulnerability management tooling and process, including triage, prioritization, and driving remediation through engineering teams.
  • Working proficiency with several of the following: Microsoft Intune, Microsoft Defender, Microsoft Purview, Datadog, GitHub, and Snyk.
  • Solid understanding of identity and access management concepts, particularly Microsoft Entra ID (Azure AD), conditional access, and least-privilege design.
  • Experience writing or substantially contributing to security policies, standards, or procedures.
  • Experience responding to customer security questionnaires and supporting compliance efforts (SOC 2, ISO 27001, or similar).
  • Strong written and verbal communication skills and the ability to translate technical risk for both engineers and non-tech stakeholders.

Nice to Have

  • Experience with cloud security architecture and design patterns.
  • Knowledge of threat modeling and secure SDLC practices.
  • Familiarity with compliance frameworks, such as NIST CSF, SOC 2, and ISO 27001.
  • Experience with security awareness training and phishing simulations.

Benefits and Perks

  • Competitive salary and benefits package.
  • Opportunity to work with a talented team of professionals who are passionate about delivering innovative solutions.
  • Flexible working hours and remote work arrangements.
  • Professional development opportunities, including training and conference sponsorships.
  • Access to the latest security tools and technologies.
  • Recognition and reward for outstanding performance and contributions to the company's security posture.
  • Comprehensive health insurance and wellness programs.
  • Generous PTO and holiday entitlement.

How to Stand Out

  • Tip: Highlight your experience with vulnerability management tooling and process, including triage, prioritization, and driving remediation through engineering teams.
  • Ensure you have a strong understanding of cloud security architecture and design patterns, particularly in Microsoft Azure.
  • Be prepared to discuss your experience with security policies, standards, and procedures, and how you have contributed to their development and maintenance.
  • Showcase your ability to communicate technical risk to both engineers and non-technical stakeholders, and provide examples of how you have done so in previous roles.
  • Prepare to back up your claims with specific examples of your experience with security tools and technologies, such as Snyk, GitHub Advanced Security, and Microsoft Defender.
  • Tip: Research 3Pillar Global's approach to innovation and security, and be prepared to discuss how your skills and experience align with the company's goals and values.
  • Consider creating a portfolio that showcases your experience and skills in information security, including any relevant certifications or training.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.