Job description / Role
About PayFort, an Amazon Company: We serve the needs of online shoppers in all Arabic speaking and surrounding countries through our trusted, secure payment network that gives everyone the opportunity to shop online safely and easily. We build trust between buyers and online sellers by enabling consumers to transact online using the payment options they prefer with complete security and peace of mind while supporting the most popular payment methods available globally. PayFort is part of Souq Group, established in 2013. PayFort is regional expert in payment processing technology and solutions across major markets in the GCC & Levant countries, operating in UAE, Egypt, Saudi Arabia, Lebanon, Jordan and Qatar.
We are looking for Security Engineers to ensure that our applications and services are implemented with the high standards required to maintain and enhance our customer’s trust. If you enjoy analyzing system services, findings issues in code, networks and applications from a security perspective, and you are skilled at discovering security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity.
The ideal candidate is passionate about solving security problems in innovative ways. They must desire to not only find issues but also the bias for action to drive the remediation of these issues to reduce risk for the company. The ideal candidate has broad and deep technical knowledge, typically ranging from front-end UIs through to back-end systems and all points in between. This person has strong software design and implementation experience, strong knowledge of web protocols, and an in-depth knowledge of Linux/Unix tools and architecture. Experience with web services-based applications, especially at massive scale, is very applicable.
The candidate will work with groups throughout Amazon and help them to integrate security into their projects. The solutions you develop will regularly require input and guidance from team members and will be based on security engineering best practices and industry standards.
The candidate will help ensure that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues and quickly reacting to new threat scenarios. This position will provide you with an opportunity to work across development team to design and build secure solutions, participate in and coordinate penetration testing activities, and generally solve security challenges at massive scale.
You demonstrate a breadth and depth of knowledge in the following disciplines:
• You recognize, adopt, utilize and teach best practices in security engineering: secure development, cryptography, network security, security operations, systems security, policy, and incident response.
• You have appropriate technical skills required by your role and area of specialty: software development, network engineering, systems engineering, cryptography or a combination of all.
• You have a capacity and tolerance for extreme context switching and interruptions while remaining productive and able to provide effective, safe guidance.
• You participate in efforts to promote security throughout the Amazon.
• You help teams develop pragmatic solutions that achieve business requirements while maintaining an acceptable level of risk.
• You maintain an understanding of the Internet threat environment and how it affects the company.
• You work to find and fix flaws in existing company systems and sites.
• You understand the current state of network and application security tools and how they can benefit the company.
• MS in Computer Science or related field, or equivalent work experience
• Minimum of 5 years of experience in identifying security issues and risks, and developing mitigation plans
• 3+ years of experience performing security reviews and implementing defensive technical security controls
• Minimum of 2 years scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages
• Minimum of 2 years experience in three or more of the following areas: cryptography, application security, authentication, web and network protocols, data structures and algorithms, software development, threat modelling, pen tests, or vulnerability assessments
• Experienced in executive communications or technical writing; clear, concise, and thorough written and oral communication skills.
• BS in Computer Science, Information Security, or related field, or equivalent work experience
• Demonstrated ability to prepare technical specifications and executive-ready communications
• Demonstrated understanding of crypto basics (encryption, signing, certificates, common algorithms)
• Relevant industry certifications (CISSP, SANS/GIAC, CompTIA, Microsoft, Linux, Cisco)
• Experience using AWS core services (EC2, S3, IAM, Kinesis, Lambda, KMS, VPC, etc)
• Experience designing for relevant security standards (TCG, IEEE, NIST, FIPS, PCI, ISO 28000 series)
• Experience designing for crypto security (e.g. certificate handling and PKI, attestation, TPM/HSM)
• Expert knowledge of Windows, Linux, and hypervisor security (especially in cloud environments)
• Expert knowledge of common security-relevant protocols (e.g. SSH, TLS, DNS, DHCP, NTP, ICMP)
• Track record of complex project delivery, effective organization, and executive maturity
• 4+ years experience in evaluating, recommending, and implementing new and emerging security products and technologies
About the Company
Amazon.ae, formerly Souq.com, is an English-Arabic language e-commerce platform, owned by Amazon, Inc. It is the largest e-commerce platform in the Arab world. On March 28, 2017, Amazon.com Inc. confirmed it would be acquiring Souq.com for $580 million. On May 1, 2019, Souq.com became known as Amazon.ae.