Information Security Engineer

We are looking to hire an Information Security Engineer who will work closely with developers, DevOps, and infrastructure teams to enhance the security of our products and platforms. This role is ideal for individuals who are passionate about security and eager to grow in a collaborative and fast-paced environment.

Responsibilities:

• Perform application security reviews, including Java code review, threat modeling, and vulnerability assessments.
• Identify and remediate security vulnerabilities in web, API, and mobile applications, with a focus on OWASP Top 10 risks.
• Collaborate with developers to integrate security best practices into the SDLC and CI/CD pipelines.
• Conduct penetration tests and manage third-party security assessments.
• Develop and enforce secure coding standards for Java and related frameworks.
• Support automation of security testing tools (SAST, DAST, SCA).
• Implement and maintain security controls across servers, cloud environments, and networks.
• Support vulnerability management, patching, and configuration hardening.
• Monitor for security threats, investigate incidents, and support incident response.

Requirements

• Minimum 1 year of professional experience in security (application or infrastructure).
• OR relevant certification such as OSCP, OSWE, or equivalent.
• Strong understanding of application security principles (OWASP Top 10, secure coding, threat modeling).
• Familiarity with tools like Burp Suite, OWASP ZAP, SAST/DAST scanners, etc.
• Excellent problem-solving skills and ability to communicate technical findings clearly.

Nice-to-Have

• Familiarity with Java-based applications and common frameworks (e.g., Spring).
• Experience with DevSecOps and CI/CD pipeline security.
• Familiarity with infrastructure/cloud security.