Information Security Engineer

About CORTO

We are CORTO, a cutting-edge software company dedicated to revolutionising the legal industry. Our mission is to empower legal practitioners with AI-driven solutions that streamline their workflow, boost productivity, and provide more efficient client service.

Our team of AI experts and engineers collaborate to develop intelligent software tailored to the unique needs of lawyers, paralegals, and legal assistants.

Our innovative AI solutions automate routine tasks, simplify document management, and enhance decision-making, allowing legal professionals to focus on what they do best—providing expert legal counsel.

We’re rapidly scaling from 80 to 150+ employees, with a highly technical workforce where around 90% of the team are developers and engineers. Working alongside our Sydney-based team of passionate high achievers, you’ll join a fast-growing technology business where things rarely stay the same for long - and if you’re smart, caring, and ambitious, you’ll be in great company. 

What you’ll do

You’ll join our dynamic Information Security team to help design, implement, and continuously improve security controls across our Application Infrastructures and organisation. 

This is a hands-on, technical role leveraging industry-leading security tools and platforms, with a strong emphasis on security engineering, detection and response, vulnerability management, and compliance support. You’ll work closely with Development, AI Automation, DevOps, and Product teams to embed security and responsible AI practices by design across cloud, application, and AI-enabled workflows. 

To make this happen you will

• Design, implement, and maintain cloud security controls across IAM, networking, logging, encryption, monitoring, and related infrastructure. 

• Review cloud architectures and infrastructure-as-code to ensure alignment with security standards, best practices, and secure design principles. 

• Define and maintain cloud security guardrails, technical standards, patterns, documentation, and playbooks. 

• Manage and improve security tooling, including CNAPP, SIEM, XDR, vulnerability scanning, detection, and response capabilities. 

• Monitor, investigate, and respond to security alerts and incidents, including root cause analysis and remediation tracking. 

• Conduct vulnerability assessments, risk analysis, threat modelling, design reviews, and application, container, and API security assessments. 

• Support SOC 2 compliance, customer trust requests, security questionnaires, third-party risk assessments, and collaboration with DevOps, Engineering, and IT teams. 

What you’ll bring

• 3–5 years of experience in Information Security Engineering roles. 

• Strong hands-on experience securing AWS environments. 

• Solid understanding of: 

• IAM, least-privilege access, and identity federation 

• Network security 

• Logging, monitoring, and alerting 

• Encryption in transit and at rest 

• Microsoft Entra security 

• Vulnerability management tools 

• Endpoint security and MDM  
• Good understanding of security frameworks such as SOC 2, CIS and NIST, or similar. 

• Familiarity with cloud security best practices and shared responsibility models. 

• Working knowledge of incident response processes 

Even better if you have

• Experience in SaaS or regulated industries. 

• AI Security Exposure, generative AI security risks, such as prompt injection, data leakage, and model misuse 

• AWS Certifications, such as: 

• AWS Solutions Architect Associate 

• AWS Security 

• Security certifications, such as: 

• Security+ 

• OSCP or similar 

You are the type of person who

• Strong problem-solving and analytical skills – you dig into complex issues and find pragmatic solutions. 

• Able to communicate security concepts clearly to both technical and non-technical stakeholders. 

• Comfortable working in a fast-paced AI SaaS environment where things change quickly. 

• Collaborative by default – you work well within a small team and across engineering, product, and beyond. 

CORTO is an inclusive, people-first company committed to breaking down institutional barriers that keep people from reaching their potential. If you meet some, but not all the requirements above, we encourage you to still submit your application.

Why join CORTO?

• Your work matters. We solve real world problems that improve and support local, everyday law firms. So they can do their best work for the people in the communities they serve.
• Make an impact. You won’t be another ‘cog in the wheel’ here. We give full trust and autonomy for you to be heard, to work on big & complex projects – and to make a real difference.
• Work with a group of authentic, passionate people who love what they do.
• Well-funded and global. CORTO is part of ATI Global – one of the largest international LegalTech companies.
• Flexible and hybrid working. We engage, share, and collaborate on ideas and workflows.
• Career and learning opportunities - we move fast and need smart people to get us where we're going. We are a scaling business and looking for people who want to grow with us.
• Have fun with us. Celebrations. Socials. Sports teams. Access to sailing and yacht events.
• We value your well-being with additional time off, gym membership and other perks.
• Fast-paced tech environment, if we don't disrupt ourselves someone else will do it!
• Access to LEAP Home - a program unique to the ATI Group to support you in buying your primary residence.