Information Security Engineer

  • Highly competitive
  • Washington D.C., DC, USA
  • Permanent, Full time
  • Pure Hong Kong , EA Licence No: 12S5954
  • 21 Apr 19

On behalf of a high profile information technology company, with a global presence, I am seeking a, highly technical, cyber security professional to take responsibility for the company's information security remit.

As senior security engineer, you will co-operate with Dev, QA, DevOps and TechOps to ensure that solutions and products are designed and implemented to the highest security standards.

You will perform technical security assessments, code reviews and vulnerability testing to proactively build effective methods to enhance our overall security posture. You will also oversee the company’s bug bounty program.

Responsibilities

  • Provide security guidance on rapidly growing portfolio of new products and technologies
  • Conduct regular technical security assessments, code audits and design reviews
  • Analyze, assess, and respond to information security threats
  • Develop technical solutions to help mitigate security vulnerabilities
  • Analyze bug bounty data to identify vulnerability patterns and trends and recommend technical solutions

Requirements:

  • 7+ years of experience in application-level vulnerability testing (e.g. Cross Site Scripting, SQL Injection, LDAP Injection, Cross Site Request Forgery, Insecure Cryptographic Storage, etc.) and code-level security auditing
  • Strong proficiency in C++, with solid knowledge of language specification and solid understanding of Boost and Lambdas
  • Knowledge of the various cybersecurity frameworks and related industry-leading practices such as NIST, FFIEC, and OWASP
  • Formal background in cryptographic protocols and best practices, including knowledge of symmetric and asymmetric protocols, hashing, key exchange, and certificate management
  • Familiarity with CVEs and ability to communicate their meaning to the engineering team by translating them into actionable actions

Preferred Qualifications

  • Contributions to the security community (public research, presentations, blogging, etc)
  • Experience of writing native modules for high-level languages (node.js, WebAssembly etc.)
  • Experience with Amazon Web Services and/or Google Cloud Platform
  • Experience with vulnerability analysis, software compliance standards (e.g., FedRAMP, SOC2, FIPS, DISA STIG)
  • Experience with Docker/Kubernetes
  • GIAC certifications and/or other security-based credential (CISSP CSSLP, SSCP, CCSP and CAP)


Please note that whilst this role must be based on the East coast of the USA there may be a limited degree of flexibility as to location. 

We are open to speaking with, suitably qualified, candidates who are happy to re-locate.