π Distinguished Tech Innovator:
3Pillar warmly extends an invitation for you to join an elite team of visionaries. Beyond software development, we are dedicated to engineering solutions that challenge conventional norms. Envision you: steering projects that redefine urban living, establish new media channels for enterprise companies, or drive innovation in healthcare. Your invaluable expertise will serve as the cornerstone in shaping the future direction of our endeavors.
This role transcends the ordinary realms of coding; it's about orchestrating technological marvels that disrupt industries. Seize this extraordinary opportunity to lead a team that is actively shaping the tech landscape for our clients, and sets global standards along the way. ππ₯
Key Responsibilities
Vulnerability & Product Security:
Own the end-to-end vulnerability management program across our SaaS products, cloud infrastructure, containers, and endpoints including identification, triage, prioritization, remediation tracking, and reporting.
Operate and tune SAST, SCA, and dependency-scanning tooling (e.g., Snyk, GitHub Advanced Security/Dependabot) and partner with engineering teams to drive timely remediation.
Monitor runtime and infrastructure telemetry (e.g., Datadog) for security signals; investigate alerts and lead containment and follow-up actions.
Track and report on vulnerability SLAs, mean-time-to-remediate, and other security KPIs to leadership.
Cloud & Endpoint Security:
Enhance the security posture of our Microsoft Azure environment including identity, networking, data, and workloads through configuration hardening, policy enforcement, and continuous monitoring.
Administer and improve Microsoft Intune for endpoint configuration, compliance, and mobile device management.
Tune and maintain Microsoft Defender (Endpoint, Cloud, and related products) for threat detection, response, and reporting.
Implement and operate Microsoft Purview controls for data classification, DLP, and information protection.
Governance, Risk & Compliance:
Draft, update, and maintain corporate information security policies, standards, and procedures aligned to recognized frameworks (e.g., SOC 2, ISO 27001, NIST CSF).
Lead the response to customer and prospect security questionnaires, RFPs, and due-diligence requests, and maintain a reusable response library.
Support vendor risk assessments and third-party security reviews.
Assist with internal and external audits, evidence collection, and remediation of findings.
Security Program & Collaboration:
Partner with Engineering on secure SDLC practices, threat modeling, and code review guidance.
Contribute to security awareness training, phishing simulations, and a strong security culture across the company.
Help mature incident response playbooks and participate in tabletop exercises and on-call rotations as needed.
Minimum Qualifications:
4β6 years of professional experience in information security, application security, cloud security, or a closely related role.
Hands-on experience securing SaaS applications and workloads running in Microsoft Azure.
Demonstrated experience with vulnerability management tooling and process including triage, prioritization (e.g., CVSS, EPSS, exploitability context), and driving remediation through engineering teams.
Working proficiency with several of the following: Microsoft Intune, Microsoft Defender (Endpoint/Cloud), Microsoft Purview, Datadog, GitHub (Advanced Security, Dependabot, code scanning), and Snyk.
Solid understanding of identity and access management concepts, particularly Microsoft Entra ID (Azure AD), conditional access, and least-privilege design.
Experience writing or substantially contributing to security policies, standards, or procedures.
Experience responding to customer security questionnaires and supporting compliance efforts (SOC 2, ISO 27001, or similar).
Strong written and verbal communication skills and able to translate technical risk for both engineers and non-technical stakeholders.
Additional Experience Desired:
Industry certifications such as CISSP, CCSP, AZ-500, SC-200, SC-100, GCIH, GSEC, or equivalent.
Scripting/automation experience (PowerShell, Python, Bash) and familiarity with infrastructure-as-code (Terraform, Bicep, ARM).
Experience with container and Kubernetes security.
Exposure to threat modeling, secure code review, or penetration testing.
Prior experience in a SaaS company or regulated industry.