Application Security Engineer
A fintech start-up, backed by a leading international venture capital firm, requires a Security SME to help with this broad role spanning Application Security, Penetration Testing and Development. The Engineer will essentially be responsible for the security of the firm, working closely with the CISO. This is still a hands-on engineering role, but it offers great prospects for the successful candidate to grow into the role and take ownership of the security road map.
The successful applicant must be motivated by the prospect of working within a start-up and possess an entrepreneurial attitude, with the ability to make an instant impact within the company.
By applying your in-depth knowledge across all aspects of penetration testing, ethical hacking, incident response and AWS application security, you will be responsible for implementing, building and supporting the cloud network, infrastructure and application security efforts across our global corporate and production infrastructures, using methods such as automated code scanning, security reviews, secure coding guidelines and manual security testing.
- Identify and mitigate AppSec threats against the platform.
- Carry out regular internal threat modelling exercises.
- Implement and develop the security network, infrastructure, and cloud controls.
- Take the lead on incident response.
- Write code to make the platform secure.
- Continually oversee the network security posture to help protect against attacks.
- Use and develop automation tools and security frameworks to enhance protection.
- Evaluate and test new vendor and in-house security tools.
- Ensure security practices and data protection are understood and adhered to throughout the company.
- Strong security engineering background, ideally in Application Security, Pen Testing, Incident Response and some software development.
- Experience with pen testing tools (Kali Linux) and AppSec controls such as CSP or SRI.
- Deep understanding of cloud infrastructure security on AWS (Amazon Web Services).
- Strong network and troubleshooting experience (TCP/IP).
- Experience in complex infrastructure as code.
- Practical experience in attacking web app vulnerabilities such as XSS, CSRF, SQLi, XXE, LFI/RFI etc.
For more information on this role apply on-line or send your CV to firstname.lastname@example.org