Security Operations (SecOps) Engineer - O2E Brands
O2E Brands is seeking a seasoned security professional to develop our organizational security framework and road map.
Are you someone who is passionate about using their security prowess to drive the architecture, processes, and change management to build a strong security mindset in your organization? In this hands-on role, you will be involved in designing, developing and deploying security technologies; identifying and recommending fixes for security bugs; performing code reviews & penetration tests; and providing advisory & guidance on security solutions.
A day in the life:
- Analyze security systems and seek improvements on a continuous basis
- Report possible threats or software issues and drive remediation initiatives
- Research weaknesses and find ways to counter them
- Find cost-effective solutions to cybersecurity problems
- Develop best practices and security standards for the organization
- Proactively test applications, firmware and infrastructure for vulnerabilities
- Develop security engineering components from inception to production with minimal oversight and guidance
- Support the technical components of our incident response team by executing operational playbooks as required
- Groom the backlog of security tickets and help with operational prioritization.
- Mentor & develop the team, and provide in the moment guidance in making architectural design decisions.
- Translate organizational security objectives into operational priorities.
- Support and advise the IT Ops teams in the design and implementation of a secure cloud hosting platform
- Recommend and deploy tooling to manage security in the delivery pipelines as well as production systems
- Conduct security assessments of applications by doing code reviews and provide mitigation recommendations
- Perform penetration tests using manual and automated methods to identify vulnerabilities
- Provide advice on security bug remediation to operational and development teams
- Provide ongoing security awareness training to technical and non-technical teams
What you bring to the table:
- Proven experience in a similar role, probably developed from previous roles as an application architect, system architect, software developer or system administrator
- Experience working in a cloud (AWS would be great!) environment with CI/CD along with extensive familiarity with Unix / Linux based operating systems
- Solid understanding of application and database security concepts and architectural principles around authentication, authorization, session management, configuration management, data handling and cryptography
- Thorough understanding of infrastructure and application security vulnerabilities, including but not limited to the OWASP Top 10 list of vulnerabilities
- Specific experience in dynamic security testing using techniques and tools like Burp Suite, Nikto, Appscan, Paros, Fiddler, WebInspect, Skipfish, etc.
- Creativity and Innovation: you seek new and better ways of doing things, generate original and imaginative ideas, products, and solutions
- Problem Solver: you use an organized and logical approach to find solutions to complex problems, looking beyond the obvious to understand the root cause of problem
- Degree or Diploma in Computer Science, Engineering, Mathematics or a similar field along with cloud engineering and security certifications
Is this the next step in your career you've been seeking? Send us a resume and let's talk about it!