Information Security Analyst
Gelato has built the world's largest and most global platform for on-demand production and fulfillment of customized products. Today, those products are part of huge markets, such as apparel, wall-art, drinkware, digitally printed books, and greeting cards. In the future, the market opportunities are endless thanks to new technologies such as 3D printing. We support a new wave of e-commerce entrepreneurs to sell their creativity globally, with more local and sustainable production. With local production and exact matching of supply and demand, there is no waste, and carbon emissions are reduced. We support a new wave of e-commerce entrepreneurs and the global shift towards local and more sustainable production.
We own no assets - we build the software that connects world-class production facilities all across the world. We have more than 100 production partners in 32 countries. In 72 hours we can reach more than 5 billion people with customized products in a smarter, faster, and greener way.
We own no physical production assets or servers; instead, our asset is a cloud-based connectivity platform that enables world-class on-demand production for e-commerce platforms and applications. This engineered platform needs to provide our customers access to more than 130 production partners in 32 countries and includes production plate design, routing to an appropriate partner, and finally linking to logistics systems for delivery to the consumer. All this happens in 72 hours, reaching more than 5 billion people and potential consumers in a smarter, faster, and greener way.
Imagine a seamless production platform that empowers our B2C, B2B, and SaaS customers to innovate with speed, security, and boundless scalability. At the heart of this vision stands our Platform Team, committed to delivering an exceptional cloud-native foundation that fuels Gelato's engineering prowess.
Our mission is to empower Gelato's engineering teams with world-class infrastructure that pioneers new frontiers in accelerating delivery and optimizing our production platform. This mission encompasses critical facets of our platform: rock-solid reliability, visionary systems for observability, agile deployment strategies and the cutting-edge realms of DevOps, DevSecOps, and FinOps.
Following our global expansion, we are looking for a passionate Information Security Engineer to join our effort of protecting Gelato and, most importantly, our customers' data.
We are looking for people who want to make the Gelato platform safer for millions of users around the world. We’d love to talk to you if you’re a talented individual who is passionate about finding security weaknesses and crafting scalable and usable solutions. We are enablers who make it easier for engineers to create secure features, not blockers.
Reporting directly to the VP of Information Security, you will work closely with Product Managers and Tech Engineers.
What you'll be doing
- Collaborate closely with Product Design and Software Engineering to align on security features and roadmaps and ensure timely delivery.
- Identify vulnerabilities and develop innovative, scalable solutions to enhance our defense-in-depth strategy. This involves conducting vulnerability scans, penetration testing, and source code reviews.
- Promote a security-conscious culture by educating all Gelato employees on security best practices. Offer input on secure system design and conduct code reviews to help engineers create robust solutions.
- Monitor and respond to security incidents, including the investigation of potential threats.
- Define and enhance measurements of security risk, effectively communicate these risks to senior leadership, and influence remediation plans.
- Ensure DR&BC plans and solutions are in place and kept up-to-date.
Who you are
- A degree (Master’s is a plus) in Computer Science, a similar technical field of study, or equivalent practical experience.
- 3+ years of experience in security engineering or a related discipline.
- Good understanding of implementation requirements for ISO27001 and/or SOC-2.
- Experience designing and implementing production services, APIs, or security-specific libraries.
- Familiarity with cloud solutions, including AWS and GCP, and prior experience with tools like Cloudflare, ELK stack, and Burp Suite Professional, as well as scripting and programming skills, are advantageous.
- Strong strategic thinking, planning, and organizational skills.
- Fluency in English with excellent verbal and written communication abilities is a mandatory requirement.
- Hands-on certifications (such as OS*, CREST, etc.) are considered a plus.
To be successful in this role, you will need to have a start-up mentality. You are committed to excelling with energy and endurance, while you understand that building a company is very hard, but that is what you want to achieve. You have superior communication skills, excellent interpersonal skills, high integrity, and great attention to detail. You are a natural and comfortable leader and have excellent problem-solving, organizational, and analytical skills. You are interested in keeping up with current best practices in your areas of expertise. You are a self-starter with the ability to excel with little to no direction. You are naturally curious. You have the ability to think creatively and holistically about reducing risk in a complex environment.
You will probably have a background in network administration, DevSecOps, or have worked as a programmer in the past. On top of this, you spent 3 or more years in a role focusing on Information Security, having performed security administration such as account management and/or firewall implementation, managing IDS/IPS, implementation of SIEM solutions and so forth, ethical hacking, or forensics and security investigations.
What it’s like to work at Gelato
We are a customer-obsessed team with the ambition to change the world by connecting technology to the printing industry and making it much more sustainable. Everyone who joins our team must feel genuinely intrigued and motivated by our mission. We expect a lot. We are a driven team with big goals, so we seek individuals who are genuinely passionate about their work and possess an entrepreneurial spirit. Our culture is unique and we live by our values, so it's worth learning more about our culture and how we work before presenting your application.