Security Engineer

Responsibilities

Involve in Red Team activities:

• Perform penetration testing of Web and Mobile (iOS Android Windows and Mac) applications
• Own the vulnerability management lifecycle from identification remediation to reporting
• Active monitoring and detection of operational security risks in the organization
• Conduct technical investigations on security incidents and tools
• Liaise directly with users on security enquiries and concerns during Presales and Support

Conduct engagement with the Blue Team for the following:

• Work with engineering and DevOps teams to implement security best practices
• Implement and improve workflows to automate vulnerability detection as part of the software development lifecycle
• Review risks and patches of software components used in the applications
• Facilitate threat modelling as part of the software development lifecycle
• Help in security awareness training
• Help in implementing the needed controls for different certification bodies such as ISO 27001 and SOC Type 2

Qualifications

• At least 5 years of experience in application security testing and assessments
• Solid understanding of cybersecurity principles standards and protocols such as OWASP Top 10 and SANS Critical Security Controls
• Experience with application security tools as Burpsuite OWASP ZAP Metasploit Sonarqube (experience with Ghidra or IDA is a plus)
• Experience with programming languages such as Java JavaScript C/C
• Experience with scripting languages such as bash or Powershell
• Experience and knowledge of cloud solutions and architectures such as AWS
• Experience and knowledge of Security information and event management (SIEM) technologies
• Good analytical skills
• Strong sense of ownership
• Technical and industry certifications such as CISA CISM CISSP are a plus

Hiring Condition: Successful completion of background checking will be required as a condition of hire.

Remote Work :

No