Our client has a world-class Transaction Marketing Platform for some of the world’s more notable brands. They are seeking a talented and motivated Web Application Security Engineer to join a growing, international team made up of world-class tech professionals.
You will join a small security team but be able to work autonomously, with the opportunity to set up the penetration testing capability. Ideally you will come from a software development background, as you will work closely with developers during the design phase to embed security measures within the products. This is a great opportunity to be part of a growing, fun and collaborative culture with some of the best tech minds in the business.
Actioning of security controls at all phases of the (S)SDLC, including:
- Manual and automated penetration testing for security quality assurance of applications and websites
- Auditing of system and AWS cloud infrastructure configurations for security weaknesses
- Reviewing source code for security vulnerabilities
- Establishing threat modelling documentation for engineering teams and assisting in system design to ensure the necessary technical controls are in place to maintain the CIA triangle
- Working with the Product Team to ensure security and privacy concerns are adequately addressed in feature specifications and in accordance with our legal and compliance requirements
- Verifying the successful resolution of past vulnerabilities and implementing automated tests to detect regressions
- Maintaining a register of known vulnerabilities
- Scaling and automating security checks by augmenting CI/CD pipelines with security tooling
- Documenting security guidelines and practices
- Providing application and code security training through workshops and presentations
- Experience performing web application vulnerability assessments, using a documented testing methodology (e.g. OWASP, OSSTMM, PTES, etc.)
- Practical skills in assessing web applications for weaknesses (e.g. XSS, SQLi, CSRF, LFI/RFI, etc.)
- Collaborate with Engineers to develop an understanding of their systems and data flows
- Demonstrable skills in identifying threats and attack vectors for systems based on interviews and architecture documentation
- Knowledge of secure coding best practices and the ability to identify security vulnerabilities in source code
- A creative mind; able to identify novel ways of bypassing security controls and unintended interactions between multiple systems
- A hunger for new knowledge and drive to learn; actively participating in the security community and regularly practicing to improve your skills
Your CV should include:
- Links to source code repositories that can evidence your skills and experience, e.g. scripts, tools, CTF solutions, etc.
- Links to security communities you actively participate in, e.g. forums, CTFs, bug bounties, etc.