استخدام Security Engineer
شرح موقعیت شغلی
About First Source Arya Solutions
First Source Arya Solutions is a software development company specialising in the global financial industry. We help our international clients grow their businesses with customer-centric products and services.
Our work environment is designed to foster personal and professional growth. A career at our company is an opportunity to make an impact in a fast-growing, global organisation.
The team
You’ll be part of our Information Security team. We monitor the company’s network and analyse new exploitation methods to strengthen our security systems. Our team also performs security and penetration tests on existing and new systems to protect our company’s operations from potential threats and security risks.
The role
As a Security Engineer at First Source Arya Solutions, you’ll develop strategic plans for the implementation of robust security measures for our infrastructure, systems, and networks. Your knowledge of the latest in cybersecurity will be crucial in eliminating security breaches. This role’s ultimate goal is to protect the company information and the clients’ security and privacy.
Challenges
● Respond to the cyber-attacks you detect to mitigate threats by integrating open-source SIEM and IDS/IPS solutions.
● Identify and mitigate vulnerabilities in our systems and networks.
● Protect our apps, databases, and architecture through automated security scripts and routine penetration testing .
● Handle our bug bounty programme, and validate vulnerability reports to fix the vulnerabilities identified through the programme.
● Increase security awareness among our staff by providing internal security training that covers preventive measures and best practices.
Minimum requirements
● Hands-on experience with validation testing, white-box web app penetration testing, and fuzzing
● Working experience in developing scripts and tools to detect security vulnerabilities and breaches
● Operational expertise with cloud providers, including analytics, log review, and security services
● Prominent skill in appraising the effects of API incompatibilities and bugs on security
● Up-to-date knowledge of the top 10 OWASP security risks and encryption techniques, as well as the best practices and developments in cybersecurity
● Strong knowledge of conceptual networking frameworks such as the OSI and TCP/IP models
● Advanced knowledge of standard security testing software such as Burp Suite and Metasploit
● Thorough understanding of the different types of cyberattacks, such as injection (SQL, form parameter, etc.), timing, DoS, side-channel, DNS cache poisoning, and buffer overflows, as well as a firm grasp on mitigation strategies
● Fluency in spoken and written English
Preferred knowledge and experience
● Security+, CEH, OSCP, CISSP, eCCPT, or any GIAC certification
● Working experience with bug bounty programmes, for example, Bugcrowd, HackerOne, and Cobalt
● Good knowledge of the security risks in cloud computing and the best practices in cloud workload protection
● Familiarity with disaster recovery and security recovery procedures
Perks and benefits
● Growth-inducing challenges
● Productive work atmosphere
● Collaboration, support, and empowerment
● Career progression opportunities
● Competitive salary
● Annual performance bonus
● Health benefits
Location
Negar Tower, Tehran
Due to the COVID-19 pandemic, remote work arrangement may be possible on a short-term basis.
First Source Arya Solutions is a software development company specialising in the global financial industry. We help our international clients grow their businesses with customer-centric products and services.
Our work environment is designed to foster personal and professional growth. A career at our company is an opportunity to make an impact in a fast-growing, global organisation.
The team
You’ll be part of our Information Security team. We monitor the company’s network and analyse new exploitation methods to strengthen our security systems. Our team also performs security and penetration tests on existing and new systems to protect our company’s operations from potential threats and security risks.
The role
As a Security Engineer at First Source Arya Solutions, you’ll develop strategic plans for the implementation of robust security measures for our infrastructure, systems, and networks. Your knowledge of the latest in cybersecurity will be crucial in eliminating security breaches. This role’s ultimate goal is to protect the company information and the clients’ security and privacy.
Challenges
● Respond to the cyber-attacks you detect to mitigate threats by integrating open-source SIEM and IDS/IPS solutions.
● Identify and mitigate vulnerabilities in our systems and networks.
● Protect our apps, databases, and architecture through automated security scripts and routine penetration testing .
● Handle our bug bounty programme, and validate vulnerability reports to fix the vulnerabilities identified through the programme.
● Increase security awareness among our staff by providing internal security training that covers preventive measures and best practices.
Minimum requirements
● Hands-on experience with validation testing, white-box web app penetration testing, and fuzzing
● Working experience in developing scripts and tools to detect security vulnerabilities and breaches
● Operational expertise with cloud providers, including analytics, log review, and security services
● Prominent skill in appraising the effects of API incompatibilities and bugs on security
● Up-to-date knowledge of the top 10 OWASP security risks and encryption techniques, as well as the best practices and developments in cybersecurity
● Strong knowledge of conceptual networking frameworks such as the OSI and TCP/IP models
● Advanced knowledge of standard security testing software such as Burp Suite and Metasploit
● Thorough understanding of the different types of cyberattacks, such as injection (SQL, form parameter, etc.), timing, DoS, side-channel, DNS cache poisoning, and buffer overflows, as well as a firm grasp on mitigation strategies
● Fluency in spoken and written English
Preferred knowledge and experience
● Security+, CEH, OSCP, CISSP, eCCPT, or any GIAC certification
● Working experience with bug bounty programmes, for example, Bugcrowd, HackerOne, and Cobalt
● Good knowledge of the security risks in cloud computing and the best practices in cloud workload protection
● Familiarity with disaster recovery and security recovery procedures
Perks and benefits
● Growth-inducing challenges
● Productive work atmosphere
● Collaboration, support, and empowerment
● Career progression opportunities
● Competitive salary
● Annual performance bonus
● Health benefits
Location
Negar Tower, Tehran
Due to the COVID-19 pandemic, remote work arrangement may be possible on a short-term basis.
مهارتهای مورد نیاز
- CEH
- cissp
- OSCP
- SQL
حداقل سابقه کار
- کمتر از سه سال
جنسیت
- مهم نیست
وضعیت نظام وظیفه
- معافیت تحصیلی معافیت دائم پایان خدمت