Senior Security Engineer

About the job

The purpose of this role is to ensure the security of the Company's software applications by identifying potential threats and vulnerabilities and developing strategies to prevent or mitigate them. The role serves as a bridge between security and development, ensuring that applications are designed, developed, and deployed securely.

Key Responsibilities:

  • Collaborating with development and operations teams to ensure that security is integrated into every stage of the software development lifecycle (SDLC). This involves guiding developers on secure coding practices, participating in code reviews to identify potential vulnerabilities, and advising on remediation strategies.
  • Collaborating with operations teams to ensure that security measures are effectively implemented in production environments, and helping to design and implement secure network architectures.
  • Security reviews and threat modelling - conducting security reviews to evaluate applications for potential vulnerabilities and for non-compliance with security standards. This involves understanding the application's architecture, identifying potential attack vectors, and devising strategies to mitigate those threats.
  • Integrating security tools and processes into the DevOps pipeline. This involves automating security checks and scans so that vulnerabilities are identified, and can be fixed, early in the development process.
  • Responding to security incidents - in the event of a security incident or breach, assisting in the response and recovery process. This involves investigating the incident, identifying the root cause, and implementing measures to prevent similar incidents in the future.
  • Training and awareness - raising awareness about application security within the Company. This involves conducting training sessions for developers and other IT professionals on secure coding practices, security standards, and the latest security threats and countermeasures.
  • Fostering a culture of security within the Company: promoting the importance of security, encouraging the adoption of secure practices, and ensuring that security is considered at every level of the organisation.

Technical Skills:

  • Proficiency in multiple programming languages - as an application security engineer, this means not only writing code but also a deep understanding of the complexities and the classes of security vulnerability characteristic of each language. Proficiency in Java, C#, Python, and Ruby is advantageous.
  • Knowledge of secure coding practices - the guidelines developers follow to prevent vulnerabilities and security flaws in their code, such as input validation, output encoding, and proper error handling.
  • Familiarity with security frameworks and standards - knowledge of industry-standard frameworks and standards such as the OWASP Top 10, the CWE Top 25, and ISO 27001. You will use this knowledge to design and implement secure systems that meet industry expectations.
  • Understanding of web application architecture - a comprehensive understanding of how the components of an application (server, client, and database interactions) work together and the security risks associated with each, plus in-depth knowledge of architectural patterns such as Model-View-Controller (MVC) and microservices.
  • Proficiency with security tools and technologies - static analysis tools, dynamic analysis tools, and penetration testing tools, as well as security technologies such as firewalls, intrusion detection systems, and encryption.

Qualifications, Skills and Experience:

  • A Bachelor's degree in Computer Science or Information Security
  • 5 years' experience in a similar application security role
  • 5 years' development experience with proficiency in C#, Java, and Python
  • Relevant information security certifications, such as CEH, OSCP, OSCE or LPT
  • Knowledge and experience of international information security and personal data protection standards and regulations, such as the ISO 27000 series, NIST, PCI DSS, and GDPR, are preferred
  • Knowledge and experience of security protocols and standards such as OAuth, WS-Security, X.509, and SSL/TLS are desirable
  • Experience in CTF or bug bounty programmes, knowledge of DevSecOps practices and tools, and experience in web or mobile application development are a plus