Results

Principal Security Engineer

<< Back to list

Our client is a world leading organisation creating cutting edge technology and a current key area of focus is on developing and growing consumer internet services. Alongside this they are of course developing a Security, Privacy and Continuity team with responsibility for ensuring that the Services relationship and business with its consumer customers and partners is protected and supported by essential Privacy, Security and Continuity solutions. To support this focus we are looking to hire a Principal Security Engineer to join the PSC team. 

Description:

As Principal Security Engineer you will work in a highly visible role working with teams across the business unit and other divisions to implement services complying with company security and privacy policies and applicable legislation while working on continuous delivery mode.

You will primarily contribute into proactively building security into the company's infrastructure, core platform software and business application software, helping services teams to secure their deployments and operations including continuous verification activities of the production services hosted and managed by operational teams. Additionally in this role you will be part of our 24x7 on call incident response team, which ensures rapid resolution of incidents limiting potential damage, and executes forensic analysis as needed. This is a hands-on position requiring a person with a great deal of system management experience together with a thorough understanding of various security principles, technologies and issues including understanding of exploitation techniques and vulnerability analysis.

Responsibilities will include:

• Driving the design and implementation of host based security and hardening cloud deployments, deployment of security services (remote access, network security, scanning services, log management systems), and security monitoring (IDS,DDoS,DLP etc..).
• Vulnerability analysis (for example linux kernel, Apache, JBoss, Tomcat, MySQL, PHP etc..) for core components as well as providing guidance and prioritization to our services regarding vulnerability patching including potentially writing our own patches or suggesting workarounds and temporary solutions for urgent cases.
• Participation as a security specialist in operational service delivery activities, perform security reviews of new services and releases, manage and execute security testing and auditing activities for services, handle security incidents and privacy issues, and contribute into overall security awareness programs.
• Interaction with development, product and ops teams and 3rd parties to ensure proper security design and functionality, including verification of services' launch readiness from security perspective.
• Close monitoring of key developments in the area of web application and systems security as well as new/emerging vulnerabilities, exploitation techniques and attack vectors as well as evaluation of their impacts on services in production and under development.
• Working in virtual teams, identifying needed/missing capabilities and contributing in security competence development in R&D and operations teams
• Proactive design and implementation work with service R&D and Ops team to build security into services and infrastructure. Practical examples are server hardening automation and related security testing, server configuration and file system/data integrity monitoring, log file monitoring and automation of security alerts and many other activities related to building host based security
• Participate in infrastructure security design, tuning and verification (IDS, DDoS, data collection tools etc..) lead by network security engineering
• Vulnerability analysis for key production components (such as Linux kernels, Apache, Tomcat, JBoss, MySQL, Java, PHP, NodeJS etc..), recommendations, guidance and help for security patching including coding of temporary patches
• Verification of new services/release application, platform and infrastructure components before production deployments
• Continuous penetration testing i.e. ethical hacking of our production services  
• Lead security incident resolution and mitigation activities as member of 24x7 on call services incident response team
• Execute forensic analysis during and after security incidents in order to ensure proper mitigation actions have been taken and needed evidence is collected and stored as needed
• Assist in and conduct internal planned and documented penetration testing and security audits including help in potential PCI audits.
• Act as the security representative in Change Advisory Board and other meetings
• Consult service teams on security considerations, best practises, and patterns

Candidate Requirements:

We are looking for a highly experienced engineer with a specialisation in security.

Specific requirements include:

• Bachelors degree in Computer Science or equivalent
• Strong work experience in securing systems and infrastructure
• Thorough understanding of Linux, Oracle, MySQL, Apache, Tomcat, JBoss and other typical Services technology components
• Understanding of cloud solutions such as Amazon EC2, Rackspace etc
• Knowledge of web technologies and standards: HTML, Javascript, SQL, JSON, XML, XHTML, SSL/TLS, REST, SOAP, SAML, OAuth, OpenID
• Ability to execute penetration testing at platform and application layers (Web apps, REST APIs etc...)
• Understanding of attack vectors present in modern internet environment
• Understanding of exploitation techniques for various vulnerabilities
• Knowledge of linux internals - ability to track activities and anomaly detection
• Knowledge of network architecture, standards and protocols
• Ability to understand business drivers and priorities, and integrate these requirements into overall security design
• Understanding of security principles, best practices architectures, tools and processes
• Ability to communicate security objectives orally and in writing to a variety of audiences
• Self-motivation with the ability to work independently and as a team member with minimal direction
• Team skills, ability to work with people from various countries and cultural backgrounds

Expertise/skills preferred:

• Relevant work experience in application security
• Web programming background (PHP and Java preferred)
• Ability to read code for example: Java, C++, Ruby, PHP, Perl, Python, SQL and write programs to produce tools, test or demonstrate ideas
• Experience in secure application programming, coding life cycles and designs especially when applied in agile environments targeting for daily production updates
• Familiarity with reverse engineering techniques and tools

Special conditions:

This role is offered on a permanent basis and will be located in Germany. We are able to consider applicants based outside of Germany however you must be willing and able to relocate in order to take up the role (our client is able to provide a comprehensive relocation package should this be required)

This is an exceptional opportunity for an experienced application engineer with expertise in the security arena. This is a new role within a growing team and you will work with a wide range of teams across an exciting area within the business.  

Location: Germany