Job Details

Principal Application Security Engineer - E-Commerce Platform

Job Info:

Category: Other
Company Description: The Best Engineered e-commerce Platform in the World
Salary: Highly Competitive, Depending on Experience
Position Type: Permanent
Job Number: 8936

Job Description:

Our client needs super smart engineers at all levels to help build one of the best-engineered e-commerce platforms in the world (big talk, we know, but that is our goal!). Our client's engineers combine creativity, curiosity, and drive to continuously perfect and revolutionize their platform from the inside out. They are looking to bring in more intellectually curious engineers who are passionate about technology in general. Our client is a technology-first company that prides itself on its culture of learning and knowledge sharing, and it wants all its engineers to be as passionate as they are!

Our Client's Environment

Our client's infrastructure is largely built on Microsoft Windows. They have a hybrid configuration with on-premises servers and cloud-based servers using Microsoft Azure, along with many additional technologies and middleware. They support three warehouses, a call center, corporate headquarters, and the development environment in the cloud. Our client's team uses a mix of Windows, Apple, and some Linux for their systems management platforms, along with cutting-edge network equipment. About 50% of the development platform runs on Linux and the rest on Windows.

About the Job

Our client is building an elite information security team and is looking for a strong hands-on principal security engineer. You will be a key member of the security team and will be responsible for a wide range of security projects focused on advanced defense and detection capabilities.    

You will be a hands-on self-starter with extraordinary technical skills. As a Principal Security Engineer, you will work with new technologies, identifying security vulnerabilities and implementing security solutions to improve our client's security posture. Your contributions will be highly valued by company leadership and you will be given the autonomy to get the job done.

If you thrive in a dynamic environment where you are implementing crucial information security defenses, then this is the job for you!   

Specific Responsibilities May Include:

  • Develop solutions to protect our client's Microsoft Azure environment.
  • Contribute to the overall security of our client by threat modeling and identifying security vulnerabilities and weaknesses in applications and infrastructure.
  • Perform internal and external penetration tests of our client's systems and networks using commercial and open source exploitation tools.
  • Use manual techniques and tools to identify and verify exposure to common security vulnerabilities and provide remediation guidance.
  • Perform technical security assessments, source code audits, and design reviews.
  • Assess, understand, and communicate the risks associated with a security vulnerability.
  • Evaluate application security tools and deploy new automation strategies to improve their detection and prevention capabilities.
  • Conduct research to identify new attack vectors against our client's services.
  • Develop technical solutions and secure coding practices to help mitigate security vulnerabilities.
  • Participate in incident response and vulnerability remediation efforts.

About You:

  • 5+ years hands-on experience in information security.
  • Substantial knowledge of web application attacks and defense strategies including OWASP Top 10 and CWE Top 25 (SQL injection, XSS, CSRF, DoS, logic flaws, API attacks, etc.).
  • Strong knowledge of the browser security model, crypto, and network security.
  • Experience with application security tools, such as web application security scanners, static code analysis, vulnerability scanners, etc.
  • Background in penetration testing using tools such as Nessus, Burp, Volatility Framework, Metasploit, etc.  
  • Working knowledge of securing infrastructure components (Servers, Firewalls, Active Directory, etc.).
  • Detailed understanding of Windows, OS X, and Linux security.
  • Effective communication skills and the ability to work collaboratively with engineering and IT.

Preferred Qualifications:

  • Experience assessing and defending cloud-based services and infrastructure.
  • Hands-on experience and working knowledge of Azure services and experience building High-Availability environments.
  • Experience with scripting and/or software development.
  • Programming experience in Python, Bash, C, .NET, Java or JavaScript.
  • Experience with Splunk or similar log management tools.
  • OSCP or related Offensive Security certifications.
  • Contributions to the security community such as research, CVEs, presentations, bug-bounty recognitions, open-source, blogs or publications.

All qualified candidates are encouraged to apply by submitting their resume as an MS Word document, including a cover letter with a summary of relevant qualifications that clearly highlights any special or relevant experience.

Please Note: All inquiries will be treated with the utmost confidentiality. Your resume will not be submitted to any client company without your prior knowledge and consent.

Contact Recruiter
Senior Technical Recruiter
Andiamo Partners | 90 Broad Street, Suite 1501, New York, NY 10004
