As a Secure Application Specialist, you will work collaboratively with the entire Technology team, although this may extend to other teams and other systems, to drive our internal information security program and cyber resilience goals.
You’ll help us scale our information security program and compliance efforts by being a proactive force multiplier across teams, especially our engineering teams who are building our various products and services. This role will play a key part in identifying security vulnerabilities as early as possible, and in working with the teams to educate them on these vulnerabilities and improve our coding practices to shift security as far left in the development process as possible.
How you’ll be making a difference:
- Security Architecture and Implementation
  - Design and implement security solutions for applications and infrastructure.
  - Develop and maintain security architectures for APIs and integrations.
  - Collaborate with development teams to ensure secure coding practices.
- API Security
  - Implement and enforce security measures for API endpoints.
  - Conduct regular security assessments of APIs and remediate vulnerabilities.
  - Develop automated tools and scripts to enhance API security.
- Compliance and Best Practices
  - Ensure compliance with PCI DSS standards and other regulatory requirements.
  - Conduct code reviews and security assessments to ensure compliance.
  - Assist with documenting and maintaining security policies, procedures, and standards, especially with regard to the scope of the role.
- Penetration testing
  - Regularly conduct vulnerability assessments and penetration tests across all systems.
  - Facilitate and coordinate the remediation of findings with the relevant engineering teams.
- Incident Response and Monitoring
  - Assist in the investigation and response to security incidents.
  - Implement and manage security monitoring tools such as SIEM and IDS/IPS.
  - Perform regular log analysis and threat hunting.
- Development and Automation
  - Write secure code and develop security tools and scripts.
  - Automate security processes and workflows to enhance efficiency.
  - Integrate security tools into CI/CD pipelines.
- Continuous Improvement
  - Stay updated with the latest security threats and technologies.
  - Participate in security research and development activities.
  - Provide recommendations for improving the security posture.
- Secure Coding Techniques and Best Practices
  - Assist with providing training and knowledge sharing with development team members.
  - Assist with creating guides, standards, and other content to support teams in this regard.
- Red team/Blue team exercises
- Threat intelligence monitoring & hunting
We’re looking for someone who has:
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
- Minimum of 4-6 years of experience in information security engineering.
- Strong coding skills in languages such as Python, Java, or C++.
- Very good penetration testing skills, with a focus on cloud-based technologies.
- Experience with API security and secure software development practices.
- Relevant certifications such as CEH, OSCP, CREST or CSSLP.
- Proficiency in security tools such as SIEM, IDS/IPS, and firewalls, and general networking good practice.
- Strong understanding of PCI DSS standards and regulatory requirements.
- Excellent problem-solving and analytical skills.
- Ability to work collaboratively with cross-functional teams.
- A deep understanding of application security, especially within APIs and financial and/or e-commerce platforms.
- A deep understanding of various coding languages and software deployment strategies, particularly within cloud environments (understanding of long-running services, containerization, microservices, etc.).
- A deep understanding of penetration testing and vulnerability assessment techniques and how to grow and scale these techniques in an automated fashion, while still maintaining the value that can only be achieved from manual testing.
- Great communication skills, both verbal and written.
- The ability to work under pressure and in a dynamic, fast-paced environment.
- A valid work authorisation for the region in which you are working.
In the near future you’ll be focusing on:
In the first 3 to 6 months, the Security Engineer will undergo comprehensive onboarding and training, familiarizing themselves with company policies, procedures, and security standards. They will set up their work environment, meet key stakeholders, and review existing security documentation and architecture. Initial tasks include participating in security monitoring, incident response, and assessing API and general system/network security through various vulnerability assessments and penetration tests. They will ensure compliance with PCI DSS standards through regular audits and contribute to ongoing security projects. The role involves developing and automating security tools, integrating them into CI/CD pipelines, and leading advanced security initiatives. The engineer will also assist in updating security policies, provide training on secure coding practices, and stay updated with the latest security trends. Effective communication with stakeholders and cross-functional collaboration will be key, fostering a culture of security awareness and continuous improvement.
Desired Skills:
- cybersecurity
- CI/CD
- API security
- Python
Desired Work Experience:
- 5 to 10 years