We are looking for a Staff Security Engineer II to join our Information Security team of talented engineers that share a common interest in securing Careem’s production and enterprise systems and services and ensure trust between Careem's Customers, Captains, Colleagues, merchants and partners. Reporting directly to the CISO, you will work closely with Infrastructure, Product and Platform Engineering, Product Management and IT teams to drive security excellence in Careem products and services as well as the internal enterprise systems being built to service the colleagues.

Key Responsibilities:

Design: You will be responsible for designing an innovative security architecture for the distributed backend system that the engineering organization is building to meet the challenging functional, scalability and reliability requirements for our fast growing business. Your responsibility includes ensuring that the end-to-end architecture design meets the best practices around cyber security, compliance, regulation and privacy.

Engineering: You will be a trusted technical advisor to solve complex information security challenges. Provide guidance to engineers who work on complex technical security matters and designs impacting all the domains under Careem. You will keep raising the technical bar at Careem and ensuring that we build secure, scalable and business enabling solutions.

Team Support & Growth: Facilitate collaboration between InfoSec teams and other architects, engineers, business owners, and technical program managers to solve interesting and challenging infosec problems across our platform and services. You will help lead the security architecture documentation, code review process and continuously strive for higher quality and productivity.

Tech Leadership: You will work with different stakeholders at a senior level and engage proactively with all Careem engineering and product leads in different domains to ensure information security is at the top of mind across the teams.

What you’ll need:

• Minimum of 5 years of advanced / expert level experience with any combination of the following: threat modeling experience, cloud security, system security, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
• Excellent knowledge of DevSecOps practices and technologies
• Deep understanding of AWS security capabilities and features and expert knowledge in securing and operationalizing AWS cloud technologies including but not limited to ECS, S3, ALB, RDS, DMS, KMS, Secrets Manager, Config, CloudWatch, Lambda, SNS, SQS (certification a plus)
• Hands on experience in SSDLC processes across a fast growth tech organization
• Experience with multiple programming languages (such as Golang, Java, Scala, Ruby, Python, PHP, Perl, Rust, C++, etc.)
• Familiarity with SRE, logging and monitoring and system engineering best practices
• Knowledge of and experience securing container, Microservices and API technologies
• Strong problem solving, oral and written communication skills including experience with executive presentations
• Strong understanding of software development methodologies including Agile and Scaled Agile centric execution models
• Holder of industry professional certifications in AWS cloud architecture and development is strongly preferred
• Hands-on knowledge of information security technologies such as security design review, threat modeling, secure code review, risk analysis, and penetration testing
• Ability to make concrete progress in the face of ambiguity and imperfect knowledge
• A strong bias for action with proven ability to handle high stress, time sensitive security tasks
• Strong information security risk-based prioritization abilities
• Excellent written and verbal communication skills, with a focus on translating technically complex issues into simple, easy to understand concepts
• Ability to effectively articulate technical challenges and solutions; deal with loosely defined problems and fast changing requirements & think abstractly.
• Proven knowledge of system architecture.
• Experience in multi-tiered distributed systems, web services, APIs, and relational & NoSQL databases.

Preferred Skills and Qualification:

• Bachelors or higher  in Computer Science or equivalent discipline.
• 10+ years of experience in information security engineering. 
• Cloud security certifications are a plus.
• Excellent communication skills.
• Ability to juggle multiple projects at the same time.
• Able to take individual ownership of a project from start to finish.