Senior/Lead InfoSec Engineer (AppSec)

We are seeking for a talented and seasoned InfoSec Engineer who is willing to work remotely, be self-organized and involved in the life of the team. As a InfoSec Engineer you will be responsible for Security of our product.

Responsibilities

• Conduct security reviews of mobile and application environments, ensuring robust protection through auditing and implementing security controls.
• Develop secure architecture designs following international best practices, implementing necessary security controls and assessments.
• Identify potential threats and conduct risk assessments, selecting and monitoring protection measures to mitigate risks and vulnerabilities.
• Participation in the root cause analysis of incidents, eliminating their consequences and development of corrective measures.
• Budget and resource planning: provide relevant and validated input and forecast to plan and execute projects and programs.
• Facing challenging situations and dealing with uncertainty.
• Provide security training for development teams, educating them on secure development processes and best practices.
• Create security documentation aligned with best practices, providing clear guidelines for development teams.
• Develop and implement security tools, integrating them into processes and monitoring their effectiveness.
• Deliver and improve security metrics, analyzing and reporting key metrics to drive security improvements.

Our expectations

• 5+ years of professional experience in information security.
• Audit/regulatory experience.
• Technical knowledge of different security controls and mechanisms such as: IDS/IPS, firewalls, PAM, EPP, different types of scans (WAS, static / dynamic), OWASP, MITRE, VMS. Knowledge of authentication and authorization systems, IDM and SSO solutions.
• Experience with AWS Security solutions (AWS WAF, FWM, GuardDuty).
• Secure SDLC development/implementation (Terraform+K8s) will be an added advantage.
• Understanding of the principles of modern web applications, microservice architecture, containerized applications, CI/CD processes and secure development.