- You will be on a team responsible for the continuous assessments of the technologies in use within the business making use of various TTPs (Tools, Techniques and Procedures) to ensure that they are secure.
- A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of complex decisions.
- You would need to have the ability to take a long-term view of the company security posture to proactively fix architectural deficiencies.
Qualifications:
- 4+ years experience in software security.
- Bachelors degree in Computer Science or similar field or equivalent work experience is desirable
- Role relevant qualifications, i.e., Security Testing.
- 3+ years of proficiency in at least 1 scripting programming language, familiarity with Java, and familiarity with Python
Requirements:
- Passionate about internet security issues and the threat landscape for popular software & services
- Candidate must possess good oral and written communication skills.
- Experience with the design and implementation of technical security controls.
- Experience performing or supporting Team engagements with an understanding of a holistic assessment
- Experience with full-stack (Linux / Unix) software architectures from UI to infrastructure.
- Experience with serverless architectures, and common virtualization techniques (hypervisors/containers/jails) and escapes/exploits from these environments.
- Experience with micro-service, API-based agent, or service-oriented software architectures.
- Operations experience with CI/CD development or managing distributed systems
- Web service assessment experience with authentication controls, session management, access controls, logic flaws, injection vulnerabilities, request smuggling, cloud privilege escalation, DOS attacks
Responsibilities:
- Contribute to the design, implementation, and execution of security review and test methodologies for the testing of the company services. Ensuring remediation of risks by partnering with service teams.
- Perform a rolling security review across the estate by penetration testing and teaming on production systems
- Scope and perform real-life attack scenarios to test and measure the company detection capability and at the same time determine detection thresholds, silent to noisy.
- Work with development teams across the company to create comprehensive security tooling and functional improvements at scale.
- Assist with Incident Response if and when called upon and validate that detective and preventative technology approaches work on the newest threats.
- Be a mentor for other members in the team