Security Engineer

Responsibilities

Involve in Red Team activities:

• Perform penetration testing of Web and Mobile (iOS, Android, Windows and Mac) applications
• Own the vulnerability management lifecycle from identification, remediation to reporting
• Active monitoring and detection of operational security risks in the organization
• Conduct technical investigations on security incidents and tools
• Liaise directly with users on security enquiries and concerns during Pre-sales and Support

Conduct engagement with the Blue Team for the following:

• Work with engineering and DevOps teams to implement security best practices
• Implement and improve workflows to automate vulnerability detection as part of the software development lifecycle
• Review risks and patches of software components used in the applications
• Facilitate threat modelling as part of the software development lifecycle
• Help in security awareness training
• Help in implementing the needed controls for different certification bodies such as ISO 27001 and SOC Type 2

Qualifications

• At least 5 years of experience in application security testing and assessments
• Solid understanding of cybersecurity principles, standards and protocols such as OWASP Top 10 and SANS Critical Security Controls
• Experience with application security tools as Burpsuite, OWASP ZAP, Metasploit, Sonarqube (experience with Ghidra or IDA is a plus)
• Experience with programming languages such as Java, JavaScript, C/C++
• Experience with scripting languages such as bash or Powershell
• Experience and knowledge of cloud solutions and architectures such as AWS
• Experience and knowledge of Security information and event management (SIEM) technologies
• Good analytical skills
• Strong sense of ownership
• Technical and industry certifications such as CISA, CISM, CISSP are a plus

Others:

• This is for a hybrid work setup.
• Successful completion of background check and NBI clearance will be required.