Senior Security Engineer

Are you a motivated Senior Security Engineer, willing to grow as a professional and work on large-scale projects, using different working approaches that are both diverse and cutting-edge? Are you passionate about innovative and top-notch software solutions and want to be part of like-minded professionals? Do you enjoy working in a fast-paced, yet collaborative environment?

If your answer is “Yes”, we would love to talk to you.

Who are we looking for?

We are looking for a dedicated, meticulous, and eager to further develop themselves Senior Security Engineer to join our growing team. In the role you will operate independently and as part of a team to ensure software, and related components are protected from cyberattacks. The job description will include working on different projects and analyzing current systems, software, or companies for vulnerabilities, and simulating cyberattacks to validate systems defense mechanisms. The job may also include working on projects and consulting customers, on how to implement Secure Software Development (including DevSecOps) and Application Security best practices. Candidates should have strong IT skills and an understanding of the cybersecurity domain in general.

What your responsibilities are going to be?

• Meeting with clients to discuss the security of their system, the approach, and answering technical questions.
• Design and implement application security strategies including Secure Software Development, improvement of the DevSecOps process or Application security in general.
• Researching systems, network structures, and possible penetration sites.
• Conducting multiple penetration tests, security audits and vulnerability assessments.
• Identifying and recording security flaws and breaches.
• Identifying areas of high-level security and reviewing and rating the security risk.
• Creating suggestions for remediation measures and security improvements.
• Compiling penetration tests and security reports.
• Monitoring public security advisories and alerts for information related to threats and vulnerabilities.
• Maintaining knowledge of current security trends and being able to clearly communicate them to the team.
• Developing unique, effective security strategies for software systems, networks, data centers, and hardware.
• Working independently or as part of a team as needed.

What qualifications are needed?

• Expert understanding of information security concepts, and “industry best practices”.
• In-depth technical knowledge of Application Security and experience in Vulnerability Assessment, Pentesting, Security Auditing
• Very good understanding of the software development life cycle(SDLC) and security configurations, practices and tools related to it.
• Very good understanding of IT Infrastructure components and their configurations.
• Understanding and knowledge and experience in DevSecOps or securing the CI/CD process.
• In-depth knowledge of stages, phases and techniques of Ethical Hacking such as, but not limited to parameter manipulation, session/server hijacking, XSS, CSRF, DDoS, Social Engineering
• Understanding of IT Infrastructure components and their configurations: Applications and their server platforms, Windows and Linux Environments, and Storage.
• Good understanding of packet analysis, sniffing, scanning networks and network security
• Experience with protocols and encryption mechanisms.
• Scripting experience: PowerShell, Bash and or Python or any other programming language.
• Security Consulting experience
• Good troubleshooting skills.
• Ability to see big-picture system flaws.
• Oral/written communication and client-facing skills.
• Positivity and commitment to professional development.
• English language proficiency (spoken and written).

What would be considered as an advantage?

• SSDLC experience (Treat Modelling; Patch Management, Secure Code Writing and Design).
• Mobile Security (iOS and Android) experience
• Cloud Security know-how.
• Hands-on experience with security frameworks and standards such as PCI-DSS, HIPAA, ISO27001, SOC2, SOX, GDPR, OWASP, NIST, CIS, MITRE, SANS and etc.

All applicants will be treated with strict confidentiality. Only shortlisted candidates will be contacted.