Is the Information Security Engineer role at Docorto remote?

The Information Security Engineer role at Docorto is an on-site position located in Sydney, New South Wales, Australia.

How do I apply for the Information Security Engineer position at Docorto?

You can apply for the Information Security Engineer position at Docorto directly through HireHere. Click the "Apply" button on the job listing to be taken to the application page.

Information Security Engineer

DocortoSydney, New South Wales, Australia2d ago

About CORTO

CORTO is a rapidly growing Australian AI technology company reimagining how legal professionals work and is part of ATI – one of the largest international LegalTech companies. Our AI-powered platform streamlines every day legal tasks - from document drafting, research and matter analysis, to intelligent filing and file-management - so lawyers, paralegals, and legal teams can focus on what really matters: delivering expert advice and excellent client service.

We’re rapidly scaling from 80 to 150+ employees, with a highly technical workforce where around 90% of the team are developers and engineers. Working alongside our Sydney-based team of passionate high achievers, you’ll join a fast-growing technology business where things rarely stay the same for long - and if you’re smart, caring, and ambitious, you’ll be in great company.

What you’ll do

We are seeking an Information Security Engineer with Cloud Security focus to join our dynamic Information Security team to help design, implement, and continuously improve security controls across our Cloud Infrastructures and organisation.

This is a hands-on, technical role leveraging industry-leading security tools and platforms, with a strong emphasis on security engineering, detection and response, vulnerability management, and compliance support. You will work closely with Development, AI Automation, DevOps, and Product teams to embed security and responsible AI practices by design across cloud, application, and AI-enabled workflows.

To make this happen you will:

Design, implement, and maintain security controls across Cloud environments, including IAM, networking, logging, encryption, and monitoring
Review cloud architectures and infrastructure-as-code to ensure alignment with security standards and best practices
Define and maintain cloud security guardrails, patterns, and technical standards
Manage, tune, and improve security tooling, including CNAPP, SIEM, XDR, and vulnerability scanning solutions
Monitor and respond to security alerts and incidents, supporting investigation, root cause analysis, and remediation
Conduct vulnerability assessments and risk analysis, and track remediation with engineering teams
Improve detection and response capabilities across cloud, SaaS, and application environments
Support secure SDLC practices, including threat modelling, design reviews, and security assessments
Assist with application, container, and API security activities as required
Support SOC 2 compliance, including control implementation, audits, and evidence collection using GRC tools
Assist with security questionnaires, customer trust requests, and third-party risk assessments
Maintain and improve security policies, standards, documentation, and playbooks
Collaborate closely with DevOps, Engineering, and IT teams to uplift security maturity
Stay current on cloud security threats, tooling, and industry best practices

What you’ll bring:

3-5 years of experience in Information Security Engineering roles.
Strong hands-on experience securing AWS environments.
Solid understanding of:

IAM, least-privilege access, and identity federation
Network security
Logging, monitoring, and alerting
Encryption in transit and at rest
Microsoft Entra and GCP security

Experience with at least some of the following:

SIEM and alerting platforms
Vulnerability management tools
Infrastructure-as-Code
Endpoint security and MDM

Good understanding of security frameworks such as SOC 2, CIS and NIST, or similar.
Familiarity with cloud security best practices and shared responsibility models.
Working knowledge of incident response processes.

You are the type of person who

Strong problem solving and analytical skills.

Ability to communicate security concepts clearly to technical and non-technical stakeholders.

Comfortable working in a fast paced AI SaaS environment.

Proactive, curious, and improvement focused mindset.

Ability to collaborate within a small, fast-paced team and across teams other teams

CORTO is an inclusive, people-first company committed to breaking down institutional barriers that keep people from reaching their potential. If you meet some, but not all the requirements above, we encourage you to still submit your application.

Why join CORTO?

Your work matters. We solve real world problems that improve and support local, everyday law firms. So they can do their best work for the people in the communities they serve.
Make an impact. You won’t be another ‘cog in the wheel’ here. We give full trust and autonomy for you to be heard, to work on big & complex projects – and to make a real difference.
Work with a group of authentic, passionate people who love what they do.
Well-funded and global. CORTO is part ofATI – one of the largest international LegalTech companies.
Flexible and hybrid working. We engage, share, and collaborate on ideas and workflows.
Career and learning opportunities; we move fast and need smart people to get us where we're going. We are a scaling business and looking for people who want to grow with us.
Have fun with us. Celebrations. Socials. Sports teams. Access to sailing and yacht events.
We value your well-being - Wellness focus with additional time off, gym membership and other perks.
Fast-paced tech environment, if we don't disrupt ourselves someone else will do it!
Access to LEAP Home - a program unique to LEAP to support you in buying your primary residence.

Information Security Engineer

Explore Engineering

Skills in this job

People also search for