Job Details

Principal Security Engineer

Job Info:

Category: Infrastructure
Company Description: The Best Engineered e-commerce Platform in the World
Salary: Highly Competitive, Depending on Experience
Position Type: Permanent
Job Number: 9073

Job Description:

Principal Security Engineer

We need super smart engineers at all levels to help us build one of the best-engineered e-commerce platforms in the world (big talk, we know, but that is our goal!). Our engineers combine creativity, curiosity, and drive to continuously perfect and revolutionize from the inside out. We are looking to bring in more intellectually curious engineers who are passionate about technology in general. We are a technology-first company that prides itself on its culture of learning and knowledge sharing, and we want all our engineers to be as passionate as we are!

Our Client's Environment:

Our infrastructure is largely built on Microsoft Windows. We have a hybrid configuration with on-premises servers and cloud-based servers using Microsoft Azure, with many additional technologies and middleware. We support three warehouses, a call center, corporate headquarters, and the development environment in the cloud. Our team uses a mix of Windows, Apple, and some Linux for our systems management platforms and cutting-edge network equipment. About 50% of the development platform runs on Linux and the rest on Windows.

About the Job:

We are building an elite information security team and are looking for a strong hands-on Principal Security Engineer. You will be a key member of the security team and will be responsible for a wide range of security projects focused on advanced defense and detection capabilities.

On our team you will be a hands-on self-starter with extraordinary technical skills. As a Principal Security Engineer, you will work with new technologies, identifying security vulnerabilities and implementing security solutions to improve our security posture. Your contributions will be highly valued by company leadership and you will be given the autonomy to get the job done.

If you thrive in a dynamic environment where you are implementing crucial information security defenses, then this is the job for you!   

Specific Responsibilities May Include:

  • Develop solutions to protect our Microsoft Azure environment.
  • Contribute to our overall security by threat modeling and identifying security vulnerabilities and weaknesses in applications and infrastructure.
  • Perform internal and external penetration tests of our systems and networks using commercial and open source exploitation tools.
  • Use manual techniques and tools to identify and verify exposure to common security vulnerabilities and provide remediation guidance.
  • Perform technical security assessments, source code audits, and design reviews.
  • Assess, understand, and communicate the risks associated with a security vulnerability.
  • Evaluate application security tools and deploy new automation strategies to improve our detection and prevention capabilities.
  • Conduct research to identify new attack vectors against our services.
  • Develop technical solutions and secure coding practices to help mitigate security vulnerabilities.
  • Participate in incident response and vulnerability remediation efforts.

About You:

  • 3+ years hands-on experience in information security.
  • Substantial knowledge of web application attacks and defense strategies including OWASP Top 10 and CWE Top 25 (SQL injection, XSS, CSRF, DoS, logic flaws, API attacks, etc.).
  • Strong knowledge of the browser security model, crypto, and network security.
  • Experience with application security tools, such as web application security scanners, static code analysis, vulnerability scanners, etc.
  • Background in penetration testing using tools such as Nessus, Burp, Volatility Framework, Metasploit, etc.  
  • Working knowledge of securing infrastructure components (Servers, Firewalls, Active Directory, etc.).
  • Detailed understanding of Windows, OS X, and Linux security.
  • Effective communication skills and the ability to work collaboratively with engineering and IT.

Preferred Qualifications:

  • Experience assessing and defending cloud-based services and infrastructure.
  • Hands-on experience and working knowledge of Azure services and experience building High-Availability environments.
  • Experience with scripting and/or software development.
  • Programming experience in Python, Bash, C, .NET, Java or JavaScript.
  • Experience with Splunk or similar log management tools.
  • OSCP or related Offensive Security certifications.
  • Contributions to the security community such as research, CVEs, presentations, bug-bounty recognitions, open-source, blogs or publications.

All qualified candidates are encouraged to apply by submitting their resume as an MS Word document, including a cover letter with a summary of relevant qualifications that clearly highlights any special or relevant experience.

Please Note: All inquiries will be treated with the utmost confidentiality. Your resume will not be submitted to any client company without your prior knowledge and consent.

Contact Recruiter
Senior Technical Recruiter
Andiamo Partners | 90 Broad Street, Suite 1501, New York, NY 10004
