Security Engineer

<p><strong>Title: Platform Security Engineer - SOC2 Certification Maintenance</strong></p><p><strong>Location: Labège, Toulouse, France (Hybrid – 3 days in a week)</strong></p><p><strong>Long-Term Contract. </strong></p><p><br /></p><p><strong>Job Description:</strong></p><p>we are looking for a Security Engineer to ensure maintenance of our SOC2 certification within the new scope. You will be responsible for adapting our security controls, documenting infrastructure changes related to the merger, and ensuring continuous compliance during and after the transition period. </p><p><strong>Responsibilities</strong></p><p><strong>SOC2 Certification Maintenance (Primary Focus): </strong></p><p>• Analyze the impact of the merger on current SOC2 certification scope </p><p>• Identify infrastructure, process, and control changes related to our integration</p><p>• Adapt and update existing SOC2 controls to reflect the new environment </p><p>• Document all system, process, and policy changes within the SOC2 framework</p><p>• Collaborate with integration Product teams to align security and compliance practices </p><p>• Organize evidence necessary for SOC2 Type 2 audit </p><p>• Identify and address compliance gaps discovered during transition </p><p>• Implement or adapt automated controls to maintain continuous compliance </p><p>• Train teams on new security and compliance procedures</p><p>• Prepare compliance reports and presentations for stakeholders </p><p>• Coordinate with IT, DevOps, and Engineering teams for control implementation </p><p><strong>Profile Requirements:</strong></p><p>• Bachelor’s degree in computer engineering or related field </p><p>• Minimum 5 years of experience in information security and compliance </p><p>• Expertise in SOC2 frameworks (Trust Services Criteria) and compliance audits </p><p>• Hands-on experience in preparing and maintaining SOC2 Type 1 and Type 2 certifications </p><p>• Deep understanding of security controls (access control, change management, monitoring, incident response)</p><p>• Experience in documentation and evidence collection for external audits </p><p>• Knowledge of complementary security standards (ISO 27001, NIST, CIS Controls) </p><p>• Experience with GRC tools (ServiceNow GRC, Vanta, Drata, Secureframe)</p><p>• Skills in risk assessment and impact analysis</p><p>• Ability to work with external auditors and respond to compliance questionnaires</p><p>• Excellent documentation and communication skills</p><p>• Ability to explain security concepts to non-technical audiences </p><p>• Proficiency in Engslish (oral and written)</p><p></p>