Purpose
The purpose of this position is to help improve information security of HungerStation users, partners and employees.
Key Activities
- Champion security with development teams to make their code more secure, primarily through manual code/architecture review
- Collaborate with engineers to resolve identified security weakness
- Develop secure coding resources for engineers ranging from wiki articles to master classes covering both standardized topics like OWASP Top 10 to custom tailored content to address common issues
- Perform whitebox/black box vulnerability assessment for Web, Mobile Apps and infrastructure
- Report vulnerabilities and help Engineers solve them
- Conduct security-centric code reviews of new and legacy applications to identify security vulnerabilities
- Create, implement and maintain security automation tools as required
- Improve infrastructure security to handle external and internal threats
- Improve security monitoring of infrastructure
- Provide security event analysis and escalation for identified threats
- Act as technical leader for security incident management and related forensics analysis
- Conduct security awareness sessions for the wider organization
- Introduce mechanisms to spread security awareness
- Follow all relevant policies, procedures, and processes in order for the daily work to be carried out in a controlled and consistent manner
- Contribute to the identification of opportunities for continuous improvement of processes, practices, work processes, cost effectiveness, and productivity enhancement
- Follow daily operations relating to the job to ensure work continuity
- Contribute to preparing timely and accurate reports that concern the line of work to meet the requirements, objectives, and standards
- Ensure the satisfaction of both internal and external customers by addressing their needs in a courteous and timely manner
- Promote to other employees within the organization the implementation and adherence to policies, procedures, processes, and instructions
Requirements
Knowledge and Experience
- Working knowledge of common application and network security assessment tools and techniques
- Experience with different types of attack vectors like DoS/DDoS, SQL injection, Session Hijacking, Cross Site Scripting (XSS).etc.
- Experience with vulnerability management (identifying, tracking, prioritizing, and collaboration with responsible teams to resolve)
- Experience working with network security and analysis tools such as IDS/IPS, sniffers, WAFs, firewall ACLs is a plus
- Working history of performing security assessments in cloud environments is a plus
- Extensive experience working with distributed systems, including deep understanding of UDP amp; TCP protocols
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Proficiency in Ruby language is a plus
- Proficiency in Containerized Application Security is a plus
- Certifications like CEH, OSCP, OSCE are a plus
- Team player who can get along with others both inside and outside the company
- Enjoys working in an accomplishment-oriented, fast-paced environment
Education and Certifications
- Bachelor's degree in Computer Science, Information Security or equivalent experience required
- Master’s degree in a relevant field is preferred
- Certifications like CEH, OSCP, OSCE are a plus