Information Security Engineer

Sporty's sites are some of the most popular on the internet, consistently staying in Alexa's list of top websites for the countries they operate in

In this role, you will Engineer, implement and monitor security measures for the protection of our computer systems, applications and infrastructure, such as, WAF, DDoS, DNS, Networking, VPN etc. We are looking for a capable team member who enjoys security work and possesses both deep and wide expertise in the security space.

Responsibilities

Work directly with the project teams to facilitate building secure workflows, processes, systems, and services

Develop best practices and security standards for the organization

Understand software, infrastructure and internet needs and adjust them according to the business environment

Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks

Ensure the organization knows as much as possible, as quickly as possible about security incidents

Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement

Find cost-effective solutions to cybersecurity problems

Conduct the internal/external security test/audit on our service, application, and infrastructure

Assist fellow Team Members with cybersecurity, software, hardware or infrastructure needs

3+ years' experience of working as a Security Engineer or other relevant position

Basic coding skills such as HTML, CSS, Shell Script, Python and other languages

In-depth knowledge of database and operating system security

Ability to discover and identify SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)

Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP

Knowledge of browser-based security controls such as CSP, HSTS, XFO

Experience with standard web application security tools (Arachni, BurpSuite)

An understanding of best practices and how to implement them at a business-wide level

Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering

Hands-on experience in network security and networking technologies and with system٫ security, and network monitoring tools

Excellent communication skills and able to think through

Critical thinking skills and the ability to solve problems as they arise

English proficiency written and spoken

CyberSecurity certifications such as CISSP, CISA/CISM, CompTIA Security+, CEH, or GSEC would be beneficial

Certifications such as PMP, ISO 27001 LA would be beneficial