Job Description:
• Responsible for the overall design and direction of eCommerce Security Engineering across all applications
• Critical in the development and ongoing security posture for digital commerce applications
• Accountable for identifying and implementing our security principles and best practices to maintain application security, and for addressing the impact of non-human HTTP traffic on both the performance and security of the application by applying blocks, rate limits, tarpits, or other remediation
• Partnering with the Security Team on Vulnerability Scanning
• Manage SSL certificates
• Assist with cloud architecture IAM needs
• Create processes for analyzing web traffic to identify patterns of abuse on the website
• Provide guidance and/or implement mitigation to address discovered abuse patterns using modern security tools
• Work with developers and performance engineers to assist in securing the solution
• As a subject matter expert, leverage various monitoring tools to analyze the security posture of both systems and applications while working independently and collaboratively to address any issues discovered
• Collaborate with software development and platform engineers to review threat models and apply corresponding mitigation policies
• Accountable for protecting all external endpoints to the application stack and facilitating vulnerability scans / remediations
Requirements:
• Must be a US Citizen or Green Card holder or Visa Transfer (H1 or TN)
• 10+ years as a Technical Security Engineer
• 5+ years DevSecOps experience (5-7+ years preferred)
• Extensive DevSecOps experience in the retail domain and e-commerce design space
• Expert who can communicate needs and influence throughout the organization
• Knowledge of AWS, React, Node.js and Redux
• Creative eye for design
• Must have enterprise or retail level applications
• Strong understanding of retail domain and eCommerce design and operational processes
• Experience in DevSecOps working with developers and engineering teams in a dynamic environment to promote / implement DevSecOps throughout the organization
• Development and maintenance / management of architecture-based documentation
• Knowledge of open source and commercial application security tools and frameworks
• Experience with modern security and defense mechanism applications
• Experience in exploiting web apps and providing guidance on web services security vulnerabilities: cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML / SOAP, and API attacks
• Expert knowledge of DDoS techniques, OWASP risks, vulnerabilities, and mitigation mechanisms
• Proficiency in common network and web protocols
• Prior work in cloud environments and understanding of cloud infrastructure
• CI / CD software pipelines experience
• Work experience with on-site and off-site development teams, coordinating work, expectations, and delivery
Benefits:
• Unlimited personal leave
• Health and Life Insurance
• Medical, Dental, and Vision insurance
• 401K matching
• Fun and flexible environment
• Parental leave