Security Engineer

Job Summary

This role encompasses a broad range of security responsibilities, including advanced offensive security operations, application security reviews, secure code reviews, and implementation of the Secure Software Development Lifecycle (SSDLC). The successful candidate will simulate sophisticated attacks, conduct secure code reviews, and contribute to the development of security tools. Responsibilities also include ensuring cloud security and Kubernetes security. The ideal candidate will possess the ability to conduct offensive security operations and apply their expertise to application security. They will perform threat modeling exercises with an attacker's mindset, leveraging their experience in bug bounty programs and red teaming simulations. The candidate will implement mitigations at the code level and support the Blue Team in improving detection capabilities using SIEM tools. This role requires a unique blend of skills and knowledge across multiple security domains.

Job Requirements

•    Conduct Red Team exercises, simulating APTs in cloud, container, and AD environments.
•    Develop and execute adversary simulations based on the MITRE ATT&CK framework, focusing on assume breach scenarios.
•    Simulate attacks on software supply chains and CI/CD pipelines.
•    Perform in-depth penetration testing (both black-box and white-box) for web applications, APIs, and networks.
•    Conduct secure code reviews in collaboration with development teams to identify , exploit and implement mitigations on code level.
•    Integrate security tools and practices into the CI/CD pipeline, emphasizing DevSecOps methodologies.
•    Conduct threat modeling, design, and architectural reviews to identify potential security risks in the software development lifecycle.
•    Provide security guidance to development teams, assisting in risk mitigation and secure development practices.
•    Collaborate with the Blue Team to improve detection capabilities and test defensive measures.
•    Utilize SIEM tools for incident detection and response, providing insights to enhance monitoring and alerting mechanisms.
•    Develop and maintain custom security tools and frameworks to automate security testing and monitoring.
•    Stay informed about emerging threats, attack techniques, and security technologies.

Education

•    Bachelor’s degree in computer science, information security, or a related field (or equivalent experience).
•    At least 6 years of experience in offensive security and Application security.
•    Proven experience in offensive security, with a strong understanding of attack vectors and techniques.
•    Relevant certifications such as OSWE, OSCP, CRTO, or similar.
•    Significant contributions to security through Bug bounty programs, CVEs or recognized security research.
•    Recognized public acknowledgments in security research.
•    Experience with scripting or programming languages like Python, Go, or Ruby for developing custom attack tools/exploits.
•    Familiarity with CI/CD tools such as GitHub Actions, Jenkins, or TeamCity.
•    Knowledge of security practices of cloud computing platforms like AWS, Azure, GCP, as well as k8s.