Information Security Engineer II

Join our team as an Information Security Engineer and help us drive innovation in the world of software development! We are looking for a skilled Info Sec engineer with experience in various tech stacks.

We're looking for a self-starter with a passion for software development and the ability to work independently as well as part of a team. If you have a strong eye for detail, excellent problem-solving skills, and a willingness to learn and grow, we'd love to hear from you!

We are seeking an experienced and highly skilled Information Security Engineer to join our organization. As an Information Security Engineer, you will play a critical role in safeguarding our systems, networks, and data from potential threats and vulnerabilities. You will be responsible for implementing and maintaining robust security measures, assessing risks, and ensuring compliance with industry standards and regulations.

Key Responsibilities

Application Security Testing

•  Conduct web application penetration testing using OWASP Top 10 and SANS 25 methodologies.
•  Perform secure code reviews for web and mobile applications (Java, Python, .NET, Node.js, etc.).
•  Identify and exploit insecure authentication, authorization flaws, and business logic vulnerabilities.
•  Work with development teams to remediate security flaws and implement secure coding practices.

API Security Testing & Mobile Security:

•  Perform API penetration testing (REST, GraphQL, SOAP) for authentication and data exposure issues.
•  Assess OAuth, JWT, API rate-limiting, and API security misconfigurations.
•  Test mobile applications (Android & iOS) for data leakage, insecure storage, and broken cryptography.

Infrastructure Penetration Testing & Cloud Security:

• Conduct network and infrastructure penetration testing on cloud and on-premises environments.
•  Identify misconfigurations in cloud platforms (AWS, Azure, GCP) and container security issues.
• Perform Active Directory penetration testing for privilege escalation and lateral movement.
•  Simulate real-world attack scenarios using tools like Cobalt Strike, Metasploit, BloodHound, and CrackMapExec.

Vulnerability Reporting & Remediation Guidance:

 Document security vulnerabilities with detailed PoCs and risk assessments.
 Provide clear remediation guidance to development and infrastructure teams.
 Track vulnerabilities using tools like JIRA, ServiceNow, or internal vulnerability management platforms.

Security Tools & Automation:

 Utilize and customize security testing tools such as Burp Suite, OWASP ZAP, Nmap, Nessus, Nikto, SQLmap, and Kali Linux.  Write custom scripts for automating security assessments (Python, Bash, PowerShell).  Conduct fuzz testing and use dynamic and static analysis tools (SAST/DAST) to identify security flaws.

Required Skills & Expertise

 Application Security Testing: Hands-on experience with OWASP Top 10, API security testing, and manual security assessments.
 Penetration Testing & Ethical Hacking: Strong understanding of penetration testing methodologies (PTES, MITRE ATT&CK).
 Network & Infrastructure Security: Experience with internal/external penetration testing and cloud security assessments.
 Security Tools & Scripting: Proficiency in Burp Suite, Metasploit, Kali Linux, Nmap, Nikto, SQLmap, Nessus, Python/Bash scripting.
 Vulnerability Reporting & Risk Assessment: Ability to communicate security risks effectively and provide remediation guidance.
 Threat Modeling: Knowledge of secure design principles and risk assessment techniques.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
• Proven work experience as an Information Security Engineer or in a similar role.
• In-depth knowledge of information security principles, practices, technologies, and industry standards.

BENEFITS:

• Annual performance-related bonus
• 6x Flexi time off: knock 2.5 hours off your day on any day.
• Medical insurance coverage for extended family members.

Engaging, fun & inclusive culture: check out the MRI Software APAC Insta feed and stories!

About the business:

MRI Software is a global Proptech leader delivering innovative applications and hosted solutions that free real estate companies to elevate their business.

Our flexible technology platform, along with an open and connected ecosystem, allows us to meet the unique needs of real estate businesses, from property-level management and accounting to investment modeling and analytics for the global commercial and residential markets. With nearly five decades of expertise and insight, we have grown to include offices across the United States, the United Kingdom, Hong Kong, Singapore, Australia, South Africa, New Zealand, Canada, and India, with over 4000 team members to support our clients and their unique needs!