At JNCTN we are building the future of digital identity and credential management. We are on the forefront of technology for proving who you are and what you know, and how you acquire, manage and share this information.
Our SaaS platform is now becoming ubiquitous across Aotearoa’s energy sector, and we are setting our sights on further expansion into the American market. We have an opportunity for a skilled software engineer to help grow our team so we can scale our capabilities and achieve our ambitious goals.
As a Cybersecurity Engineer at JNCTN, you play a critical role in safeguarding our digital platforms, ensuring the security and privacy of customer credentials, and supporting compliance and resilience across our systems.
This is a hands-on, holistic security role. You won't just be writing policy; you will collaborate deeply with development, operations, and compliance teams to embed security into the DNA of our software and infrastructure. From hardening Azure pipelines to managing ISO 27001 compliance, you will touch every aspect of the security lifecycle.
1. Product & Application Security (AppSec & DevSecOps)
- Secure by Design: Champion secure design and coding practices for JNCTN’s SaaS platforms.
- Pipeline Integration: Embed security controls into CI/CD pipelines (Azure DevOps, GitHub Actions) to automate testing and compliance.
- Vulnerability Management: Utilise SAST and DAST tools to identify, triage, and remediate vulnerabilities in web and mobile applications.
- Standards: Apply OWASP frameworks to mitigate threats specific to Verifiable Credentials and SaaS solutions.
2. Cloud Infrastructure & Identity (CloudSec & IAM)
- Azure Hardening: Continuously assess and harden our cloud infrastructure, utilising Azure Defender and native security tools.
- Identity Management: Manage the identity lifecycle for internal and external users, including SSO/MFA implementation, privileged access controls (PAM), and federation.
- Data Protection: Oversee encryption standards and Key Management Services to ensure absolute data confidentiality and integrity.
3. Governance, Risk & Compliance (GRC & Privacy)
- Regulatory Adherence: Maintain compliance with SOC2, ISO 27001, CCPA/US, and the Privacy Acts of NZ/AU.
- Risk Management: Conduct risk assessments, manage risk registers, and perform impact assessments for new features.
- Privacy Stewardship: Act as a key stakeholder in protecting user data, supporting responses to data subject requests and privacy inquiries.
- Vendor Security: Assess the security posture of third-party vendors, ensuring contractual SLAs meet JNCTN’s high security standards.
4. Security Operations (SecOps) & Incident Response
- Threat Hunting: Proactively monitor, detect, and triage alerts to identify potential threats before they escalate.
- Incident Response: Lead response activities including containment, forensic analysis, recovery, and post-incident reviews (tabletop exercises).
- Endpoint Security: Oversee the security posture of internal devices, ensuring our IT service provider maintains strict configuration and patch management standards.
Technical Skills
- Cloud Native: Deep expertise in Azure security ecosystems (Sentinel, Defender, Entra ID/Azure AD).
- DevSecOps: Proficiency in securing modern apps (React, API, .Net) and CI/CD pipelines (GitHub Actions).
- Tooling: Experience with SAST/DAST tools and vulnerability scanners.
- Frameworks: Strong grasp of OWASP, ISO 27001, and SOC2 controls.
Experience & Education
- Experience: 3–5+ years in a Cybersecurity Engineering, InfoSec, or related technical role.
- Track Record: Proven history in AppSec, Incident Response, or Cloud Security.
- Education: Bachelor’s degree in Computer Science/Cybersecurity or equivalent practical experience.
- Certifications: Relevant certifications (e.g., CISSP, CISM, AZ-500, CEH) are highly valued.
Soft Skills
- Communication: Ability to explain complex security risks to non-technical stakeholders.
- Problem-Solving: A "fixer" mindset—you don't just find problems; you help developers solve them.
- Autonomy: Highly independent and self-driven, capable of prioritising and managing tasks with minimal supervision.
We believe in transparency. Here is what your routine might look like:
- Daily: Monitor Azure Defender alerts, manage quarantined items, triage urgent vulnerabilities, and sync with the dev team on secure design and code reviews.
- Weekly: Analyse security reports/trends, review and assign tickets in the tracking system, and ensure health checks on security sensors.
- Monthly: Conduct security posture reviews, update risk registers, and refine security policies based on new data.
- Quarterly: Perform user access reviews, plan infrastructure improvements, and assist with internal compliance audits.
- Yearly: Coordinate penetration testing, run disaster recovery drills, and support external ISO/SOC2 audits.
Our team collaborates both in-office and remotely in a work environment that promotes trust and equality as it strives for engineering and usability excellence. We actively evaluate and improve our processes, communication, and delivery when building our products.
We set goals and milestones to measure our success. Due to the innovative nature of our platform, we also constantly adjust our understanding based on the learnings and feedback we receive from our customers, user workshops and the rapidly changing ecosystem we work in.
We support our people to the best of our abilities so they in turn can do their best work.