Cybersecurity Engineer

Company: Ace Hardware
Location: Western Springs, IL, USA
Salary: $100900 – $140000
Type: Full-Time
Degrees:
Experience Level: Senior, Expert or higher

Requirements

  • 7+ years’ experience in cybersecurity engineering for internet-facing applications
  • Strong understanding of web and mobile application security principles (OWASP Top Ten, CWE, and SANS Top 25)
  • Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Nessus, and mobile-specific testing tools (e.g., MobSF)
  • Proficiency with encryption standards, SSL/TLS, PKI, and API security
  • Experience in securing mobile platforms (iOS, Android) and associated frameworks (React Native, Swift, Kotlin)
  • Solid understanding of eCommerce technologies (e.g., payment gateways, session management, secure checkout), including CDNs (Cloudflare or equivalent)
  • Experience working with Azure cloud infrastructure and Front Door CDN
  • Familiarity with DevSecOps practices, including integrating security in CI/CD pipelines
  • Strong incident response skills and experience with forensic tools to analyze web and mobile app compromises
  • Ability to manage complex security incidents, including root cause analysis and post-incident reporting
  • Excellent verbal and written communication skills, with the ability to translate complex security issues into actionable recommendations
  • Strong collaboration skills, working cross-functionally with development, operations, and business teams

Responsibilities

  • Design, develop, and maintain the security of ecommerce web and mobile applications and their infrastructure
  • Implement and configure security solutions, such as firewalls, encryption, authentication, authorization, logging, and monitoring, to protect web applications from cyberattacks and ensure compliance with security policies and regulations
  • Perform security audits and reviews, and collaborate with other developers and stakeholders to ensure security integration and alignment
  • Monitor, analyze, and respond to security incidents and threats affecting web applications and their infrastructure
  • Maintain and operate Web Application Firewall (WAF) configurations for ecommerce and mobile applications
  • Work outside business hours, when necessary, as part of an on-call rotation schedule
  • Perform false positive analysis on WAF events
  • Conduct regular vulnerability scans, identify and assess potential weaknesses in our systems and networks, and implement appropriate security controls to address them

Preferred Qualifications

  • Certified Information Systems Security Professional (CISSP)
  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Mobile Device Security Analyst (GMOB)