As a Security Automation Engineer, you will be part of our cybersecurity team helping design, enhance and build various security solutions in an agile development environment.
Working closely with colleagues, who will support and challenge you daily. We believe in self managing Agile teams who build products end to end focusing on unit testing, code reviews and continuous integration for excellent code quality.
You are expected to work closely with architects, developers, testers, and our corporate IT security organization, to deliver security solutions using hands-on experience in security solutions and services.
You need to be a self-starter, a quick learner of new technologies and have experience in product security such as secure application design, static code analysis and web/mobile application vulnerabilities, and penetration testing.
You will be hands-on and a critical part of the engineering team for a high-performance product security automation framework development, evangelism, and maintenance.
Key Responsibilities
- Contributing to open source projects and supporting open source excites you
- Provide core software development and test automation skills to build and improve security tools and automation platforms
- Installing, configuring, and maintaining a variety of open source and commercial software tools including web interface and dashboard technologies, application and messaging servers, and database technologies while working to optimize and streamline deployments
- Develop solutions for the automation, security, audit and compliance monitoring, and auto-remediation of common infrastructure and application components and services, with an eye towards developing visualization as well as self-service endpoints and capabilities
- Design, develop and implement automation measures to help in effective security operations
- Gather threat intelligence and build, optimize and automate systems to consume threat feeds and to track adversaries
Desired Skills, Experience, & Qualifications
- BS or MS in Computer Science, Engineering in Information Systems Management with a security concentration and 3 to 5 years respectively of industry experience
- You live and breathe web/mobile technologies and like learning new things
- You enjoy problem solving and have strong debugging skills
- You want to build compelling new experiences and tools
- You have excellent communication and interpersonal skills and above all, you are a team player
- Strong problem solving and analytical skills
- Ability to quickly digest any issue/problem encountered and recommend an appropriate solution
- Experience with intelligent workflows, automation and orchestration
- Technical experience with security technologies including, but not limited to, intrusion detection/prevention, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, usage monitoring, audit, secure application development, etc.
- Hands on experience in using Penetration Testing or Dynamic Application Security Testing Tools (Burp Suite Pro, Checkmarx, Blackduck, SQLMap or commercial products Acunetix/Netsparker/Metasploit) is a plus
- Experience in CI/CD, understanding of various CI/CD tools and frameworks like Jenkins, Maven, Hudson, Artifactory, Bamboo, Chef, Ansible
- Experience in SSL/TLS, Keystores, RBAC, etc.
- Experience with AWS
- Experience in deployment processes and best practices
- Knowledge in payment services and systems is a plus
- Linux - Strong Linux knowledge
- Network experience: Socket, TCP/IP, UDP and Multicast
- Independent - no micro managing here, but, you must be able to communicate
