Lead Security Engineer - InfoSec

Job Description

Arcesium is seeking a Lead Security Engineer to join their Information Security team in Lisbon. The candidate will play a critical role in proactively identifying and addressing security vulnerabilities across Arcesium's systems. He/She will lead penetration testing efforts and act as a trusted security advisor to the engineering teams, driving best practices across the organization. The InfoSec team ensures that developers across the firm release secure software and promotes a secure SDLC culture. The team works closely with Engineering teams on security design/code/app reviews and builds common security solutions for dev teams to reuse. The InfoSec team is also responsible for driving internal and external audits within the firm and takes care of Security Monitoring and Cloud Security aspects as well.What this role involves:

• Leading and executing advanced manual penetration testing of web applications, cloud infrastructure, and internal systems.
• Partnering with development and infrastructure teams to provide actionable remediation strategies.
• Serving as a subject matter expert on secure development practices.
• Communicating findings, risks, and recommendations to technical and non-technical audiences.
• Working closely with the global Security Monitoring team to provide coverage and handle escalations.
• Championing a security-first culture by mentoring engineers and contributing to internal security standards.
• Staying ahead of emerging threats and technologies.

Requirements:

• 5+ years of experience in Engineering, with at least 3+ years in security engineering.
• Hands-on development experience in programming languages like Java or Python.
• Technical background in Application Security Testing, Security Code Reviews, security design and architecture reviews
• Knowledge of common application security attacks.
• Prior experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools.
• Strong understanding of Third-Party Library Vulnerability management processes
• Exposure to Encryption and Key Management concepts
• Experience in Cloud Security (preferred cloud environment - AWS), Container and Kubernetes security
• Strong understanding of security fundamentals and general security technologies.
• Excellent communicator, comfortable discussing with technical staff and management.
• Strong interpersonal skills as well as excellent written and verbal communication skills
• Have the legal right to work in the country (mandatory)

What Arcesium offers:

• Flexible work arrangements (hybrid model) and a casual dress code
• Opportunity to work on challenging projects in a dynamic, global environment
• Continuous learning and development opportunities
• Collaborative and innovative work culture
• Competitive compensation and benefits package
• Modern and comfortable office located at Avenida da Liberdade (Lisbon)