Job description
Title: Security Engineer 10+ Years
Location: 100% Remote
Duration: 12+ months
Specifics:
- Most of the source code for review will be using Java, Javascript, and NodeJS (NodeJS is least important).
- For any of these technologies they need to able to code review, and identify weak patterns/api usage. (Java/Javascript/NodeJS). Apex (which is based on Java), is a nice to have.
Job Description:
The Ecommerce Security Focus Team is focused on assessing and reducing risk with our varied internal customers. We execute this by performing design reviews and threat models, evaluating security controls (or the lack thereof), and filing and following up on issues discovered.
Must Have:
- Demonstrated ability and experience securing large complex enterprise architectures or systems deployed in public cloud
- Demonstrated ability and experience performing threat modeling / data flow diagramming / architecture risk analysis, identifying bugs and flaws and driving work items from these activities to resolution
- Demonstrated ability to work with engineers to identify the trade-offs of different solutions and recommend the ideal design to meet security requirements.
- Strong writing and presentation skills. Should be able to communicate at all levels in the organizations and in some situations act as a technical writer. Possess the ability to communicate concisely, clearly, and intelligently to partners from a variety of backgrounds, including those who are non-technical.
- Offensive mindset: consider abuse and attack paths as well as the defensive mindset to recommendations to prevent them
- Ability to adapt to evolving security and business priorities quickly and effectively.
- Presentation/communication skills, particularly for an executive audience
- B.S. / M.S. in Computer Science, Electrical Engineering or equivalent experience.
- Working knowledge of the OWASP Top 10 Security vulnerabilities and/or WASC 25 Security Vulnerabilities
- Reasonable understanding of cryptography and able to recommend standard solutions for protecting data at rest and in storage, transport and identity purposes
Nice-to-Have:
- Some experience performing penetration testing or familiarity with the process
- Familiarity with compliance and security requirements and an ability to translate these product requirements
Job Type: Full-time
Schedule:
- 8 hour shift
Experience:
- Linux: 1 year (Preferred)
- Cybersecurity: 1 year (Preferred)
- Information security: 1 year (Preferred)
Work Location: Remote