Job Description
Position Overview
We are looking for an experienced Security Engineer with 7-10 years of proven expertise in application, infrastructure, and cloud security.
The ideal candidate will have hands-on experience in penetration testing, DevSecOps practices, cloud security (AWS & Azure), and security architecture.
They will also play a key role in building a strong security culture, driving awareness, and collaborating with multiple teams to integrate security seamlessly across the organization.
Responsibilities
Perform penetration testing of web applications, mobile applications, and APIs.
Perform secure code reviews to identify vulnerabilities in application code, scripts, and configurations.
Configure, fine-tune, and review results from SAST, DAST, IaC, container, and dependency scanning tools.
Drive DevSecOps initiatives, including security integration in CI/CD pipelines.
Review and enhance Kubernetes security, container security, and infrastructure security.
Contribute to security architecture design and reviews for applications, infrastructure, and cloud.
Conduct threat modeling, risk assessments, and vulnerability management.
Establish and deliver security training, awareness sessions, and best practices to teams.
Collaborate with development, DevOps, and infrastructure teams to ensure secure design and delivery.
Act as a security advisor to stakeholders, explaining risks and recommendations in simple, non-technical terms.
Participate in incident response and post-incident reviews, ensuring lessons learned are applied.
Stay updated on emerging threats, attack techniques, and new security technologies.
Good to Have
Certifications such as OSCP, OSWE, CISSP, CCSP, CKS, CKA, AWS Security Specialty, or Azure Security Engineer Associate.
Exposure to GRC frameworks (ISO 27001, SOC 2, NIST, CIS).
Familiarity with privacy and compliance requirements (GDPR, PCI DSS, HIPAA, etc.).
Soft Skills
Strong analytical and problem-solving mindset.
Ability to explain technical risks to non-technical audiences.
Collaborative approach, working effectively with development, DevOps, product, and leadership teams.
Passion for continuous learning and building a culture of security.
Job Requirements
Qualifications
Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
7-10 years of experience in information security roles.
Strong expertise in penetration testing (web, mobile, API) with hands-on experience.
Hands-on experience with SAST, DAST, SCA, IaC scanning, and container security tools (e.g., Semgrep, Checkmarx, Veracode, Burp Suite, ZAP, Prisma, Trivy).
Deep understanding of DevSecOps principles, CI/CD pipeline security, and security automation.
Knowledge of cloud security best practices in AWS and Azure (e.g., IAM, networking, encryption, monitoring).
Familiarity with Kubernetes, Docker, and container runtime security.
Solid grasp of security architecture and secure design principles.
Strong scripting skills (Python, Bash, or similar).
Excellent communication and stakeholder management skills.