Security Engineer

Are you a seasoned Security Engineer willing to grow as a professional and work on large-scale projects, using technology stack that is both diverse and cutting-edge? Are you passionate about innovative and top-notch software solutions and want to be part of like-minded professionals? Do you enjoy working in a fast-paced, yet collaborative environment?

If your answer is “Yes”, we would love to talk to you.

Who are we looking for?

We are looking for a dedicated, meticulous, and eager-to-learn new technologies Security Engineer to join our growing team. In the role, you will operate independently and as part of a team to ensure software, and related components are protected from cyberattacks. The job description will include working on different projects and analyzing current systems, software or companies for vulnerabilities, and simulating cyberattacks to validate systems defense mechanisms. The job may also include working on projects related to the implementation of Secure Software Development (including DevSecOps) and Application Security best practices. Candidates should have strong IT skills and an understanding of the cybersecurity domain in general.

What your responsibilities are going to be?

• Meeting with clients to discuss the security of their system, and confident in answering technical questions.
• Discussing and suggesting improvements on existing application security strategies including Secure Software Development, improvement of the DevSecOps process or Application security in general.
• Researching systems, network structures, and possible penetration sites.
• Conducting multiple penetration tests, security audits and vulnerability assessments.
• Identifying and recording security flaws and breaches.
• Identifying areas of high-level security and reviewing and rating the security risk.
• Creating suggestions for remediation measures and security improvements.
• Compiling penetration tests and security reports.
• Monitoring public security advisories and alerts for information related to threats and vulnerabilities.
• Maintaining knowledge of current security trends and be able to clearly communicate them to the team.
• Developing unique, effective security strategies for software systems, networks, data centers, and hardware.
• Working independently or as part of a team as needed.

What qualifications are needed?

• Technical knowledge of Application Security(WEB App) and experience in Vulnerability Assessment, Pentesting, Security Auditing
• Understanding of the software development life cycle(SDLC) and security configurations, practices and tools related to it.
• Understanding for IT Infrastructure components and their configurations.
• Mobile Security (iOS and Android) experience, pen testing included.
• In-depth knowledge of stages, phases and techniques of Ethical Hacking such as, but not limited to parameter manipulation, session/server hijacking, XSS, CSRF, DDoS, Social Engineering
• Understanding of IT Infrastructure components and their configurations: Applications and their server platforms, Windows and Linux Environments, and Storage.
• Good understanding of packet analysis, sniffing, scanning networks and network security
• Experience with protocols and encryption mechanisms.
• Scripting experience: PowerShell, Bash and or Python or any other programming language.
• Good troubleshooting skills.
• Ability to see big-picture system flaws.
• Oral/written communication and client-facing skills.
• Positivity and commitment to professional development.
• English language proficiency (spoken and written).

What would be considered as an advantage?

• SSDLC experience (Treat Modelling; Patch Management, Secure Code Writing and Design).
• Experience in DevSecOps or securing the CI/CD process.
• Cloud Security know-how.
• Hands-on experience with security frameworks and standards such as PCI-DSS, HIPAA, ISO27001, SOC2, SOX, GDPR, OWASP, NIST, CIS, MITRE, SANS and etc.

All applicants will be treated with strict confidentiality. Only shortlisted candidates will be contacted.