About the role

Information Security Engineer focusing on Cloud Security at CORTO; designing and implementing security controls for cloud infrastructures.

Responsibilities

Design, implement, and maintain security controls across Cloud environments, including IAM, networking, logging, encryption, and monitoring
Review cloud architectures and infrastructure-as-code to ensure alignment with security standards and best practices
Define and maintain cloud security guardrails, patterns, and technical standards
Manage, tune, and improve security tooling, including CNAPP, SIEM, XDR, and vulnerability scanning solutions
Monitor and respond to security alerts and incidents, supporting investigation, root cause analysis, and remediation
Conduct vulnerability assessments and risk analysis, and track remediation with engineering teams
Improve detection and response capabilities across cloud, SaaS, and application environments
Support secure SDLC practices, including threat modelling, design reviews, and security assessments
Assist with application, container, and API security activities as required
Support SOC 2 compliance, including control implementation, audits, and evidence collection using GRC tools
Assist with security questionnaires, customer trust requests, and third-party risk assessments
Maintain and improve security policies, standards, documentation, and playbooks
Collaborate closely with DevOps, Engineering, and IT teams to uplift security maturity
Stay current on cloud security threats, tooling, and industry best practices

3-5 years of experience in Information Security Engineering roles.
Strong hands-on experience securing AWS environments.
Solid understanding of: IAM, least-privilege access, and identity federation
Network security
Logging, monitoring, and alerting
Encryption in transit and at rest
Microsoft Entra and GCP security
Experience with at least some of the following: SIEM and alerting platforms
Vulnerability management tools
Infrastructure-as-Code
Endpoint security and MDM
Security tools, such as Wiz, CrowdStrike, Snyk and Aikido
Good understanding of security frameworks such as SOC 2, CIS and NIST, or similar.
Familiarity with cloud security best practices and shared responsibility models.
Working knowledge of incident response processes.

Your work matters. We solve real world problems that improve and support local, everyday law firms. So they can do their best work for the people in the communities they serve.
Make an impact. You won’t be another ‘cog in the wheel’ here. We give full trust and autonomy for you to be heard, to work on big & complex projects – and to make a real difference.
Work with a group of authentic, passionate people who love what they do.
Well-funded and global. CORTO is part of ATI – one of the largest international LegalTech companies.
Flexible and hybrid working. We engage, share, and collaborate on ideas and workflows.
Career and learning opportunities; we move fast and need smart people to get us where we're going. We are a scaling business and looking for people who want to grow with us.
Have fun with us. Celebrations. Socials. Sports teams. Access to sailing and yacht events.
We value your well-being - Wellness focus with additional time off, gym membership and other perks.
Fast-paced tech environment, if we don't disrupt ourselves someone else will do it!
Access to LEAP Home - a program unique to LEAP to support you in buying your primary residence.