Full Job Description
We’re looking for a dedicated and meticulous Security Engineer to join our growing team. In this role, you will work independently and as part of a team to ensure that software and related components are protected from cyberattacks. Job duties will include working on a variety of projects and analyzing current systems, software, or companies for vulnerabilities, as well as simulating cyberattacks to test system protection mechanisms.
Responsibilities:
- Meeting with customers to discuss their system security and approach, and answering technical questions.
- Discussing and suggesting improvements to existing application security strategies, including secure software development, DevSecOps process improvements, or application security in general.
- Researching systems, network structures, and possible penetration points.
- Conducting multiple penetration tests, security audits, and vulnerability assessments.
- Identification and logging of security flaws and breaches.
- Identification of high-security areas, security risk analysis, and assessment.
- Development of proposals for remediation and security improvements.
- Reporting on penetration and security tests.
- Monitoring public security advisories and alerts for threat and vulnerability information.
- Maintaining knowledge of current security trends and the ability to clearly communicate them to the team.
- Developing unique, effective security strategies for software systems, networks, data centers, and hardware.
- Working independently or as part of a team as needed.
Requirements:
- Technical knowledge in application security and experience in vulnerability assessment, pen-testing, and security audits.
- Understanding of the software development life cycle (SDLC) and related configurations, practices, and security tools.
- Understanding of IT infrastructure components and their configurations.
- Experience in mobile security (iOS and Android), including pen testing.
- In-depth knowledge of ethical hacking steps, phases, and techniques such as, but not limited to, parameter manipulation, session/server hijacking, XSS, CSRF, DDoS, and social engineering.
- Understanding of IT infrastructure components and their configurations: applications and their server platforms, Windows and Linux environments, storage systems.
- Good understanding of packet analysis, sniffing, network scanning, and network security.
- Experience with protocols and encryption mechanisms.
- Experience with scripting: PowerShell, Bash, Python, or any other programming language.
- Good troubleshooting skills.
- Ability to see system flaws close-up.
- Oral/written communication and customer relations skills.
- Positivity and desire for professional development.
- Knowledge of English (conversational and written).