Senior Security Engineer

{{ flashMessage.message }}

JOB DESCRIPTION / ROLE

Employment: Full Time

Description

About Souq:

Souq.com is the largest ecommerce site in the Arab world. Every month, Souq.com attracts more than 41 million visits to its catalogue of more than 8.5 million unique products in 35 different categories, including consumer electronics, household goods, fashion, watches, perfumes, toys, and baby products.

Established in 2005, Souq.com today operates both as an award-winning retail business and an online marketplace that allows SMEs, merchants, brands and distributors to distribute their products online.

With more than 4,000 employees, We have offices and local operations in UAE, Egypt, Kingdom of Saudi Arabia, and leading Product and Engineering centers in Jordan and India, offering a unique opportunity to join the leading player in an ever growing and exciting industry.

Overview:

Security Engineer is considered a technical leader on your team. He/she needs to show competent knowledge and expertise in (ISC)2 CBK areas to be able to assess risk and help deliver countermeasures that protect customers and company data. He/She must understand Computer Science principles and be able to apply them in the context of the security problem (e.g., understanding design principles, algorithms, why one code or framework type is more applicable for a given scenario or problem, why hardware and software issues differ, etc.) SecEng should be able to work with software engineering teams to create solutions that solve or remediate security problems (at a difficulty that is appropriate to their level). The work focuses on large, ambiguous security problems in internal and partner-org security services or initiatives.

They should also be able to understand how threats and countermeasures affect the business. They need enough technical knowledge to effectively influence engineering teams and their leaders. They also need enough experience to foresee the consequences of insecure technology decisions to determine the right trade-offs. They need to be able to assess a technology implementation and determine when services or code lack sufficient compensating controls and mitigations so they know when escalation is warranted.

Job Description:

- Engage autonomously with product and system owners to help create, build and innovate security defenses, possibly by writing code, scripts, creating detections, etc.
- Conduct security code reviews to current deployed applications
- Conduct security and penetration tests against Souq applications and infrastructure.
- Administer and harden internal processes and systems against outside attacks.
- Fix deficiencies proactively and/or propose large projects, mindful of resources, which may require the work of your team and other teams related with architecture.
- Manage or lead multiple or challenging projects to meet security goals, mitigate risk, and/or reduce security debt.
- Design or write code that delivers security automation
- Influence design and architecture choices made by partner-orgs (e.g., system, network, or software).
- Show good business judgment when making technical trade-offs between short-term operational needs and long-term business needs.
- Drive awareness of policy, best practices, and regulations; you set standards and can escalate effectively, when needed.
- Make risk-based trade-offs with larger-scale impact, with strong knowledge of compensating controls.
- Your approach to work is exemplary—your solutions are inventive, scalable, and in alignment with security goals.
- Lead design discussions, participate in planning, tickets, metrics, and post-incident reviews.
- Support on-call for high priority events or incidents and make security simpler by creating predictable process paths.
- Resolve the root cause of complex problems and work to reduce areas where innovation is affected by needless bureaucracy or procedural bottlenecks. This may require you to influence security and technology decisions made by other teams, and partner orgs.
- Coach, mentor, and provide technical assessments for Security Engineer promotions.
- Provide solutions based on information security and encryption systems.
- Take a leadership role in the implementation of information security projects and security considerations of information technology projects.
- Contribute to the professional development of colleagues, improving their technical knowledge and security best practices.

REQUIREMENTS

Basic Qualifications

Job Requirements:

- Degree in Computer Science, Computer Engineering, Computer Information Systems, Electrical and Computer Engineering., with a concentration in security +4 years of relevant work experience.
- Coding skills in at least one of the following languages: Python, C, C++, Java, Ruby, and/or PowerShell
- Have significant domain expertise in three or more core (ISC)2 CBK areas and secondary specializations, (e.g. infrastructure security, threat intelligence, security operation, endpoint security, or identity management).
- Track record of delivering pragmatic security solutions that effectively reduced risk.
- Certified in one or more of the following: CEH, OSCP/E, LPT, GCIH, and/or equivalent
- You understand how security is applied across different types of systems.
- Can engage autonomously with product and system owners and partner with leaders to resolve ambiguous security problems
- Able to deliver solid security defenses. (Q. What countermeasures prevent this product from becoming a target? How does security fit into a business or technical decisions?).
- Understands how to administer and harden internal processes and systems against outside attacks.
- Able to influence peer engineers and executive leadership on system, network, or software design choices to help them comply with security policies, best practices, and regulations.
- Experience responding to and preventing high priority threat events and incidents

Preferred Qualifications

Core Competencies:

- Penetration Testing
- Application security architecture and code review
- Security automation
- Cloud security (preferable on AWS)
- Data Encryption algorithms and deployment
- sKali Linux

ABOUT THE COMPANY

Amazon.ae, formerly Souq.com, is an English-Arabic language e-commerce platform, owned by Amazon, Inc. It is the largest e-commerce platform in the Arab world. On March 28, 2017, Amazon.com Inc. confirmed it would be acquiring Souq.com for $580 million. On May 1, 2019, Souq.com became known as Amazon.ae.

Advertise Here
INSTALL APP
×