Senior Cyber Security Engineer
Security
Senior Cyber Security Engineer
Gdańsk
Type of work
Undetermined
Experience
Senior
Employment Type
B2B
Operating mode
Remote
Ciklum
We are a global Digital Solutions Company for both Fortune 500 and fast-growing organisations around the world. More than 4000 experts in 11 engineering hubs are creating digital platforms for a variety of industries. Let’s empower success together.
Tech stack
CI
CD
Cybersecurity
Security
Job description
Online interview
On behalf of Ciklum Digital, Ciklum is looking for a Senior Cyber Security Engineer to join our team on a full-time basis.
Project Description:
Our client is an online food ordering company founded in Kuwait. It operates in Kuwait, Saudi Arabia, Bahrain, the UAE, Oman, Qatar, Jordan, and Egypt. It is the largest online food ordering company in the Middle East.
Technology background:
Main application hosting is established in AWS, some applications are in a physical data centre in the UK. Applications are developed on the .NET platform.
About Quality Engineering Team:
Quality Engineering Center of Excellence is an international award-winning Quality Engineering department that has rapidly evolved over the past 7 years to become a mature Quality Engineering service provider with 250+ professionals working in 7 main directions: QA Consulting and Management, DevOps, Manual, Automation, Support, Performance, Cyber Security and Robotic Process Automation.
Our main principles are:
- People are over processes and hierarchy
- Flat and open collaboration/communication increases creativity and brings more value to the business
- Investing in people and innovations ensures your future
- Reuse and share your experience – Develop best practices, publicize, and follow them
Quality Engineering Center of Excellence is an optimal environment for your professional involvement and growth.
Responsibilities
- Work with the in-house security team to drive wide security initiatives
- Patch management
- Support in compliance and audit project
- Executes architecture reviews
- Security projects estimation, participation in the analysis of security team efforts
- Guide middle and junior engineers through projects
- Vulnerabilities discovery in Manual and Automated ways as part of Penetration Testing and Application Security reviews
- Evaluation of security risks and recommendations for risks mitigations
- Documentation of security findings, security testing report preparation and review
- Communication with clients
- Presentation of the team’s work results and reports to clients
- Security training and knowledge sharing for internal QA and Development teams
Requirements
- BS in Computer Science or related field
- At least 4 years of relevant work experience including but not limited to: Web and Mobile Application Security, Penetration Testing, Vulnerability Assessment, and Code-level Security Auditing
- Experience with defensive and offensive security tools and techniques
- Good understanding and independent application of cloud environment, CI/CD, testing, and validation
- Independently applies best practices for information security (frameworks, standards, controls, architecture, privacy, anonymization, monitoring, alerting)
- Ability to work as part of the Security incident response team
- Ability to manually find and exploit at least OWASP Top10 Web vulnerabilities
- Ability to manually find and exploit at least OWASP Top10 Mobile vulnerabilities
- Familiarity with OWASP Testing guide
- Experience with various penetration testing tools (e.g. BurpSuite, Metasploit, OWASP ZAP) on Linux and Windows
- Ability to operate by vulnerability assessment tools like Tenable Nessus or Rapid7 Nexpose
- Experience with HTML, XML, JavaScript, CSS, SQL, and JSON
- Experience with one or more scripting languages: Python, Ruby, PHP, Bash, and Perl
- Ability to read source code and find issues using tools or manually in .NET or Java
- Knowledge and understanding of Application Security, System and Network Security, Authentication and Security protocols
- Upper-intermediate English level
Nice to have
- Relevant work experience in one of the following: Development, QA Automation (Web, Mobile, etc.), and Security consulting
- Professional certifications. For example, issued by: Offensive Security, eLearn Security, SANS, CREST, Mile2, SecurityTube, ISACA, (ISC)2 and EC-Council
- Experience with Bug Bounty programs (e.g. BugCrowd, HackerOne)
- Security-related publications, blog posts, and/or participation in tools development
Personal skills
- Good team player motivated to solve complex tasks
- Strong communication and problem-solving skills
- Self-motivated, self-disciplined and result-oriented
- Strong attention to details and accuracy
- Independent, Self-starter, Initiator
- Excellent communication skills for work with different groups within the project
What's in it for you
- Very close cooperation with different clients
- Possibility to propose solutions on a project
- Dynamic and challenging tasks
- Ability to influence project technologies
- Team of professionals: learn from colleagues and gain recognition of your skills
- Low bureaucracy
- Continuous self-improvement
- Trainings
- Knowledge sharing meetings
- State of the art, cool, centrally located offices with warm atmosphere which create really good working conditions (Gdansk or Wroclaw)
- Work from home/100% remote
- Private medical healthcare fully covered by Ciklum with a possibility to cover family members
- Fully covered life insurance – 100 000 PLN
- Fully covered drug insurance – up to 2 000 PLN/year
- Multisport card 100% covered by Ciklum – Benefit Systems, Plus package
- Parking space 50% covered by Ciklum
Check similar offers
