Security Software Engineer

What you'll do

Keep us safe, keep our users safe, keep our code safe.
Make eyeo's products more secure and help develop this culture of security within the company.

After your morning coffee, you'll be expected to...

• Build, implement and maintain information security tools
• Automate security controls, create security reviews of software applications, and work on process and procedure improvements to reduce risk
• Understand and apply best practices with a focus on Application Security in the SDLC
• Communicate security risks and solutions to business partners and IT staff
• Work closely with product and platform teams to implement, upgrade and monitor security controls and measures
• Provide coaching and support to the teams, including secure design, code reviews and tooling
• Assess current security posture and future architecture, providing a viable solution path to bridge the gap that balances security risks and product advancement.

Support the SecOps team in the following tasks:

• Response and remediation on active attacks on enterprise assets
• Risk assessment and Threat Modelling
• Internal pentest and 3rd party pentest
• Providing security guidelines to eyeo operations team, feedback on security policies, technical support on audits (Internal & External)

What you bring to the table...

• 3 years experience minimum C++, Java (preferably on android sdk)
• Familiar with OWASP Secure Coding Practices
• Strong preference for working experience with security tools, using static code analysis, dynamic code analysis, and 3rd-party library assessment tools
• Experience in Threat Modelling
• Bachelor's degree in Computer Science or related field or equivalent working experience
• Deployment (CI/CD) processes/concepts, REST API technology and methods and common security vulnerabilities and fixes
• Current understanding of industry security trends and emerging threats
• Knowledge and understanding in various disciplines: threat intelligence, IAM, key management systems, data security, application security, web application and browser security, security protocols, vulnerability management.
• Knowledge and understanding of attack surfaces

It's awesome, but not required, if you have...

• Experience in intrusion analysis and detection and can provide solutions
• Experience in ethical hacking, penetration testing or being a member of a red team.
• Familiarity with various cybersecurity-related frameworks and compliance standards (SOC 2, NIST, BSI, ISO 27001, etc.)
• Certifications related to security (such as Security+, GSEC, GCIH, GCIA, CISSP, NCSF, OSCP etc)