Information Security Engineer

About CORTO

CORTO is a rapidly growing Australian AI technology company reimagining how legal professionals work and is part of ATI – one of the largest international LegalTech companies. Our AI-powered platform streamlines every day legal tasks - from document drafting, research and matter analysis, to intelligent filing and file-management - so lawyers, paralegals, and legal teams can focus on what really matters: delivering expert advice and excellent client service.

We’re rapidly scaling from 80 to 150+ employees, with a highly technical workforce where around 90% of the team are developers and engineers. Working alongside our Sydney-based team of passionate high achievers, you’ll join a fast-growing technology business where things rarely stay the same for long - and if you’re smart, caring, and ambitious, you’ll be in great company.

What You’ll Do

We are seeking an Information Security Engineer with Cloud Security focus to join our dynamic Information Security team to help design, implement, and continuously improve security controls across our Cloud Infrastructures and organisation.

This is a hands-on, technical role leveraging industry-leading security tools and platforms, with a strong emphasis on security engineering, detection and response, vulnerability management, and compliance support. You will work closely with Development, AI Automation, DevOps, and Product teams to embed security and responsible AI practices by design across cloud, application, and AI-enabled workflows.

To Make This Happen You Will

• Design, implement, and maintain security controls across Cloud environments, including IAM, networking, logging, encryption, and monitoring
• Review cloud architectures and infrastructure-as-code to ensure alignment with security standards and best practices
• Define and maintain cloud security guardrails, patterns, and technical standards
• Manage, tune, and improve security tooling, including CNAPP, SIEM, XDR, and vulnerability scanning solutions
• Monitor and respond to security alerts and incidents, supporting investigation, root cause analysis, and remediation
• Conduct vulnerability assessments and risk analysis, and track remediation with engineering teams
• Improve detection and response capabilities across cloud, SaaS, and application environments
• Support secure SDLC practices, including threat modelling, design reviews, and security assessments
• Assist with application, container, and API security activities as required
• Support SOC 2 compliance, including control implementation, audits, and evidence collection using GRC tools
• Assist with security questionnaires, customer trust requests, and third-party risk assessments
• Maintain and improve security policies, standards, documentation, and playbooks
• Collaborate closely with DevOps, Engineering, and IT teams to uplift security maturity
• Stay current on cloud security threats, tooling, and industry best practices
  
  

What You’ll Bring

• 3-5 years of experience in Information Security Engineering roles.
• Strong hands-on experience securing AWS environments.
• Solid understanding of:
• IAM, least-privilege access, and identity federation
• Network security
• Logging, monitoring, and alerting
• Encryption in transit and at rest
• Microsoft Entra and GCP security
  
  

Experience With At Least Some Of The Following

• SIEM and alerting platforms
• Vulnerability management tools
• Infrastructure-as-Code
• Endpoint security and MDM
• Security tools, such as Wiz, CrowdStrike, Snyk and Aikido
  
  

Good understanding of security frameworks such as SOC 2, CIS and NIST, or similar. Familiarity with cloud security best practices and shared responsibility models. Working knowledge of incident response processes.

You Are The Type Of Person Who

• Strong problem solving and analytical skills.
• Ability to communicate security concepts clearly to technical and non-technical stakeholders.
• Comfortable working in a fast paced AI SaaS environment.
• Proactive, curious, and improvement focused mindset.
• Ability to collaborate within a small, fast-paced team and across teams other teams
  
  

CORTO is an inclusive, people-first company committed to breaking down institutional barriers that keep people from reaching their potential. If you meet some, but not all the requirements above, we encourage you to still submit your application.

Why join CORTO?

• Your work matters. We solve real world problems that improve and support local, everyday law firms. So they can do their best work for the people in the communities they serve.
• Make an impact. You won’t be another ‘cog in the wheel’ here. We give full trust and autonomy for you to be heard, to work on big & complex projects – and to make a real difference.
• Work with a group of authentic, passionate people who love what they do.
• Well-funded and global. CORTO is part ofATI – one of the largest international LegalTech companies.
• Flexible and hybrid working. We engage, share, and collaborate on ideas and workflows.
• Career and learning opportunities; we move fast and need smart people to get us where we're going. We are a scaling business and looking for people who want to grow with us.
• Have fun with us. Celebrations. Socials. Sports teams. Access to sailing and yacht events.
• We value your well-being - Wellness focus with additional time off, gym membership and other perks.
• Fast-paced tech environment, if we don't disrupt ourselves someone else will do it!
• Access to LEAP Home - a program unique to LEAP to support you in buying your primary residence.