Security Engineer

• Help design, build and continuously improve the clients online platform.
  
• Research, suggest and implement new technology solutions following best practices/standards.
  
• Take responsibility for the resiliency and availability of different products.
  
• Be a productive member of the team.
  
  
  
  

Core Competencies:

• Strong grasp of the NIST security framework and associated controls, with the ability to lead architecture-level security discussions with product teams.
  

• In-depth understanding of tiered architectures in both web and mobile applications, including components such as web servers, database servers, firewalls, and network structures like VNETs or VPCs.
  

• Experience with container security practices and tooling.
  

• Familiarity with industry-standard tools for Static Application Security Testing (SAST) and Software Composition Analysis (SCA)—e.g., GitHub Advanced Security (GHAS).
  

• Hands-on experience with Microsoft Azure, including securing both managed and unmanaged services in the cloud; Azure certifications are a plus.
  

• Solid understanding of threat modeling methodologies and the ability to identify vulnerabilities across various interfaces in web applications, enterprise/cloud environments, and mobile app architectures.
  

• Deep knowledge of the OWASP Top 10 application security risks and their mitigation strategies.
  

• Possession of CISSP or CISM certification is highly desirable and considered a differentiator.

Key Skills:

• Security Architecture
  

• Threat Modeling
  

• Cloud Security
  

  
  
  
  

• A challenging, innovating environment.
  
• Opportunities for learning where needed.