• Proven work experience as a software security engineer or information security engineer.
• Detailed technical knowledge of database and operating system security.
• Hands-on experience with security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Experience with network security and monitoring is a plus.
• Familiarity with web-related technologies (Web applications, Web Services, Service Oriented Architectures) and protocols.
• Knowledge of best practices and benchmarks e.g. OWASP, CIS. Candidates should be able to explain OWASP, CWE and discuss effective defensive techniques.
• Experience with cloud and virtualized technologies and their security, i.e. AWS, Azure or GCP.
• Interpret security tools and penetration testing results and describe issues and fixes to developers.
• Implement a product fuzzing system to find security defects and where they reside in source code.
• Deep understanding of HTTP/HTTPS and SSL/TLS protocols, and Web applications.
• Deep understanding of authentication protocols and frameworks to include OAuth, OpenID, and/or AWS IAM.
• Closely collaborate with the Solution Architect to identify security risks and propose and implement measures to mitigate those risks.
• Should have experience with implementation of well-known security standards and benchmarks.
• Perform on-going security testing and code review to improve software security and coding practices.
• Ensure that on-premises and in-cloud deployment stacks comply with different security standards.
• Design computer security architecture and develop detailed cyber security designs.
• Work with DevOps engineers to integrate static and dynamic analysis security tools into CI/CD pipelines.
• Configure and troubleshoot security infrastructure devices.
• Ensure that the company knows as much as possible, as quickly as possible about potential security threats.
• Be well informed about the latest vulnerabilities and exploits, and write comprehensive reports, including assessment-based findings, outcomes and proposals for further system security enhancements, for internal and client notifications.
• Participate in strategic project-planning meetings.