Security Engineer

Job description 

We are seeking a highly skilled and experienced Software Security Lead to join the web and mobile application development and engineering team for a leading name in the food and beverage market with 500+ stores worldwide. This person will play a crucial role in ensuring that the software and development processes adhere to those industry security standards and those defined by the company. The role requires a blend of both hands-on technical expertise in vulnerability assessment and penetration testing, as well as experience in defining and implementing new security controls and processes and ensuring that cross-functional team members are fully aware of these processes and how to comply with them.

Key Responsibilities 

• Perform periodic vulnerability assessments across web and mobile applications; define the scope, prepare a test plan with timelines, create test cases for business logic testing, and obtain sign-off for deliverables. 
• Assist with scoping, co-ordination and operation of routine third-party penetration testing activities.
• Validate and prepare vulnerability assessment and penetration testing results for remediation, ensuring the development team are aware of their significance.
• Manage the remediation of security vulnerabilities with the relevant development teams, following through from notification and support to completion.
• Prepare development teams for annual PCI-DSS audit, collecting relevant documentation and evidence as necessary
• Provide training sessions and workshops to educate cross-functional development teams on security standards and processes that must be followed.
• Establish and maintain security processes throughout the software development lifecycle, and ensure that these are well implemented into DevOps security practices and CI/CD pipelines. 
• Assist with development and implementation of new security controls to protect software systems from threats.
• Lead the response to any security incidents that may arise within the software development environment.

Requirements

• Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field
• Having a certification background in any one of GCIH, GCIA, GPEN, OSCP or other relevant certifications within Cyber Security is highly advantageous.
• Several years of experience in software security and experience of securing cloud-based services/environments (GCP, AWS, Azure), technologies, and providers (e.g. SaaS, IaaS, PaaS) that expand at a rapid scale.
• Demonstrated experience using a variety of security tools and processes to perform vulnerability assessments such as Nmap, Metasploit, Kali Linux, Burp Suite. 
• Ability to perform vulnerability assessments against iOS and Android applications and when new product designs are implemented. Experience in iOS and Android development is advantageous.
• Must have knowledge of detecting attacks through jailbreaking, resource encryption, check-summing, debugger detection, swizzle detection, hook detection and other means.
• Experience identifying application attack vectors and strong knowledge of common vulnerabilities (e.g. OWASP Top 10).
• Strong understanding of defending applications against compromise via a range of techniques including advanced obfuscation, pre-damage, string encryption, symbol stripping, renaming, debug Info, call hiding.
• Proficiency with security tools and technologies such as web application firewalls, intrusion detection systems, encryption and vulnerability scanning tools
• Good understanding of security operations, network security, threat intelligence, and incident response.
• Strong technical knowledge across a range of server and gateway platforms, including Linux/ Unix/Windows/ Mac
• Demonstrable knowledge and experience of scripting/programming tools such as PowerShell, Python, SQL.
• Ability to perform analysis of log files from multiple devices and environments and identify indicators of security threats. Strong understanding of parsing and analyzing web, system and security logs is desired.
• Familiarity with security frameworks and standards (e.g. NIST, ISO 27001, OWASP and PCI DSS)
• Experience in defining and implementing security controls and processes, ideally within application and software development. Experience in proactive issue detection, tool creation, development of best practices and procedures and policy development.
• Excellent verbal and written communication skills; able to explain the significance of technical vulnerability assessment and penetration testing findings to non-security team members; experience in documenting new process and policies.
• Ability to offer security guidance to product teams as they build new mobile products and features.
• Must be able to effectively work with and interact with teams of various backgrounds and maintain positive relationships; be able to work in a collaborative team environment.