Believe logo
Believe

Believe is a global artist development company. We empower local artists, labels and publishers to grow their audiences at each stage of their careers with expertise, respect, fairness and transparency. Operating in 50+ countries, with more than 2,000 employees, Believe offers a full range of services including audience development, publishing, marketing and distribution, with a tailor-made approach to fit any artist, label or publisher. Believe champions independence and innovation through a unique model that combines local expertise with a global tech platform, delivering exclusive solutions for artists to promote and monetize their music thanks to strategic partnerships with leading global digital service providers. With a leading portfolio of brands that includes Nuclear Blast, naïve, TuneCore, Groove Attack, Sentric, AllPoints and Byond, Believe artists generated more than 800 billion streams worldwide in 2024 across all genres, and were recognized with more than 70 leading industry awards. Believe is a simplified joint-stock company under French law.

Senior Cybersecurity GRC

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 1,001-5,000

Location

France

Posted

5 days ago

Salary

0

Seniority

Senior

Job Description

Senior Cybersecurity GRC

Believe

Role Description We’re hiring a Security GRC Engineer to help us build governance, risk, and compliance in a way that actually works in a modern tech organization: pragmatic, automation-friendly, and aligned with agile delivery. This is not a “paperwork” job. You’ll partner closely with engineering, product, workplace, auditors, and security to turn risk management and compliance into clear, usable guardrails and you’ll challenge processes that create friction without improving security. - Risk management that drives decisions - Run lightweight, continuous risk assessment and threat modelings with teams (not once-a-year rituals). - Translate risk into clear options: impact, likelihood, tradeoffs, and recommended actions. - Track remediation plans and provide visibility through simple reporting. - Build practical governance - Maintain and improve security policies/standards so they’re short, actionable, and adopted. - Create control objectives that fit real engineering workflows (CI/CD, cloud, SaaS, identity). - Compliance, without the theater - Support audits and evidence collection with a focus on efficiency and reusability. - Help align our program with recognized frameworks (e.g., NIST) in a pragmatic way. - Develop “compliance-as-code” habits where possible (automated checks, continuous evidence). - Third-party risk (vendors, partners) - Drive assessments, follow-ups, and risk treatment with procurement and stakeholders. - Push for scalable vendor processes (tiering, standard questionnaires, measurable requirements). - Security enablement - Create playbooks, templates, and self-service material that teams can use without heavy guidance. - Coach teams to understand risk and make better security choices early in delivery. Qualifications - Experience in GRC / risk / compliance in a tech environment (security, cloud, SaaS, engineering orgs). - Strong understanding of security fundamentals: identity, access, logging, incident response, cloud shared responsibility, secure SDLC (at a practical level). - Ability to write simple, clear policies/standards and translate requirements into engineering-friendly controls. - Comfort with ambiguity and agility: you can iterate, prioritize, and deliver incremental improvements. - Excellent stakeholder skills: you can influence without authority, challenge respectfully, and get things done. Requirements - Bonus points for experience aligning programs to frameworks (NIST CSF, ISO 27001, SOC 2, etc.). - Experience with vendor risk platforms or automation (workflows, evidence collection, dashboards). - Familiarity with “compliance as code” concepts, continuous controls monitoring, or security tooling. - Experience partnering with product/engineering teams on secure-by-design practices. Benefits - Tailor-made training and coaching program. - Remote working policy. - A wellness program "Pauses" with many activities and animations in-house. - Access to Eutelmed, a digital mental health and well-being platform that allows you to speak with an experienced psychologist. - A healthy and eco-responsible company restaurant. - Individual or family health insurance. - CSE benefits. - A rooftop. - A gym with free classes.

Related Categories

Related Job Pages

More Security Engineer Jobs

Netrix Global logo

Information Security Engineer

Netrix Global

IT Consultant & Managed Service Provider

Full TimeRemoteTeam 501-1,000Since 1990H1B No Sponsor

Role Description We are looking for an experienced and knowledgeable Information Security Engineer (Tier 3) to join our team! As an Information Security Engineer, you will be responsible for planning, implementing, and managing the overall security strategy for our managed customers. The ideal candidate should have strong understanding of cloud native SIEM solutions, Endpoint and Network security tools and compliance requirements. - Work closely as part of the team, and be independent to handle incidents, and drive incidents to resolution as well as learning and improving from them. - Collaborate with colleagues on various security projects and contribute towards best practices of processes, technology used and overall security awareness. - Maintain a teamwork mentality, working closely with colleagues on projects, learning from and supporting each other. - Maintain and improve the security technologies deployed, including creating use cases, customizing, or better configuring the tools based on past and current threats. - Adopt a quality service approach, proactively pointing out possible issues, providing detailed reporting, and staying available for support until an issue is resolved. - Be detail-oriented and flexible-minded to contribute to the 24/7 defensive capabilities of the SOC for the overall security of the organization and customers. - Exhibit curiosity, problem-solving mentality, and a keen interest in growing in the security area. - Analyze logs (from Security Information & Event Management system) and other sources to create reports and better prepare for suspicious events or malicious efforts. - Have solid experience working in a SOC environment, with a good understanding of network & application security and vulnerability management. - Possess good communication skills to interact with colleagues locally and internationally from both technical and non-technical backgrounds. - Perform penetration testing, vulnerability scanning, and manage and track remediation of identified vulnerable systems. Qualifications - 5+ years of Information Security experience - Working experience with integration with different security systems and devices - 2+ years coding and scripting experience in Python, Linux shell scripting or Windows Powershell scripting - Working experience and knowledge of SOAR platforms and solutions - 2-4 years of systems analysis - Working knowledge of Linux and syslog from CLI - Experience with computer network/application penetration testing and techniques - Proven ability and experience performing moderately complex security analysis for information technology - Excellent writing and communications skills in English - Familiarization with a variety of information and network security tools (Azure Sentinel SIEM, QRadar SIEM, Splunk, McAfee Security Suite, Cisco IDS/IPS, Tenable Nessus, and Palo Alto, among others) - Familiarization with a variety of Network Access Control software (Cisco ISE, ForeScout, etc.) - SQL or KQL knowledge is considered an advantage - Operational knowledge of API is considered an advantage Education Preferred - Bachelor's degree in computer information systems or related field Industry Certifications - Certified Information Systems Security Professional (CISSP) - Information Systems Security Engineering Professional (CISSP-ISSEP) - Systems Security Certified Practitioner (SSCP) - CompTIA Security+ - Certified Ethical Hacker (CEH) - Certified Security Analyst (ECSA) - Certified Incident Handler (ECIH) - CompTIA Cybersecurity Analyst (CSA+) - Information Technology Infrastructure Library (ITIL) - Cisco CCNA - Cisco CCNP + Security - MCSE - Linux+ Shift - Monday - Friday 8 AM - 5 PM CT, US Business hours (Central) with on-call participation. The shift may be rotated/changed based on support coverage requirements.

Bulgaria
Petvisor logo

Website Security Engineer

Petvisor

Petvisor is the parent company of several leading tech companies — serving the vet health and pet services industries.

ContractRemoteTeam 51-200H1B No Sponsor

• Proactively manage security functions on WordPress-based websites, including security updates, to maintain a hardened environment. • Monitor centralized server logs, Web Application Firewalls (WAF), and malware alerts to identify and neutralize threats before they escalate. • Act as the primary internal point of contact during website product security incidents, driving containment, remediation, and thorough post-mortem analysis • Develop and enforce a "Security Gold Standard" checklist for all new site launches and third-party integrations. • Translate complex technical logs and security posture data into actionable insights for leadership teams. • Coordinate with internal stakeholders to provide transparent updates and guide client-facing teams on sensitive security communications.

Sri Lanka
Drivetrain logo

Security Engineer

Drivetrain

Strategic finance platform for the modern business

Full TimeRemoteTeam 11-50H1B Sponsor

• Design, implement, and maintain security controls across cloud infrastructure (AWS/GCP), CI/CD pipelines, and internal systems • Lead application security efforts: threat modeling, secure code review, and integrating SAST/DAST tooling into the development lifecycle • Own vulnerability management — triage, prioritize, and drive remediation of findings from scans, pen tests, and bug bounty reports • Monitor for and respond to security incidents; build and maintain incident response runbooks • Manage identity and access controls (SSO, RBAC, least-privilege enforcement) across internal and customer-facing systems • Support customer security questionnaires, audits, and certifications (e.g., SOC 2, ISO 27001) • Partner with engineering teams to embed secure-by-design practices into new features and services • Evaluate and implement security tooling (secrets management, endpoint protection, cloud security posture management) • Educate the broader team on security best practices and champion a security-first culture

India
Loft logo

Senior Security Engineer – Product Security

Loft

Viramos a chave do mercado imobiliário para que mais pessoas realizem o sonho do lar ideal. #ViradaDeChaveLoft

Full TimeRemoteTeam 1,001-5,000Since 2018H1B Sponsor

• Lead Product Security and Cloud Security initiatives from design through operation • Influence architecture and product decisions, embedding security from development through production • Protect applications, APIs, and AWS environments, balancing security, performance, and availability • Proactively identify and mitigate risks, prioritizing automation and scalability • Serve as a technical reference for engineering teams, promoting best practices and reducing friction in the SDLC • Continuously evolve the security posture for cloud, applications, and generative AI • Define and operate protection strategies for applications and APIs using WAF/WAAP (preferably Azion) • Lead API security efforts, mitigating risks described in the OWASP API Security Top 10 • Improve AWS security posture using CSPM/CNAPP (Wiz or similar), Security Hub, GuardDuty, Inspector, and other native services • Develop automations for vulnerability remediation and security processes • Integrate security into the SDLC through threat modeling, security reviews, and AppSec practices • Define controls for the safe use of AI in engineering and products • Support incident response, technical documentation, and risk indicators

Brazil