Title: Security Engineer
Company Name: Deriv Services Ltd
Vacancy: 5
Job Location: Malaysia
Employment Status: Full-time
Educational Requirements:
∎ Skills Required: Cyber Security, Penetration testing, programiming language
Experience Requirements:
∎ At least 2 year(s)
∎ The applicants should have experience in the following area(s):
Cyber Security, Penetration testing, Programming
Job Context:
∎ Our team
∎ We are the Information Security team. We`re the first line of defence against hackers and security flaws that may impact our trading operations and global client base. We manage threats and potential security risks through smart strategies, airtight policies, meticulous communication, and technical execution.
Job Responsibilities:
∎ Your role
∎ As a Security Engineer at Deriv.com, you'll perform penetration testing on our web applications and identify potential security issues. Your work will include developing, implementing, and integrating open-source security solutions, such as IDS and SIEM, and you will be in charge of monitoring and auditing Amazon Web Services system and service changes as well. You will also encourage security awareness throughout the organisation via regular communication on security best practices and the latest online threats.
∎ What you'll do
∎ Check our systems against the latest attacks, vulnerabilities, and mitigations.
∎ Identify attack vectors.
∎ Conduct security reviews of production infrastructure.
∎ Build security tools and processes for critical infrastructure monitoring, protection, and mitigation.
∎ Perform regular pentesting of our web applications.
∎ Monitor our automated security scripts and utilise them to identify threats.
∎ Manage our bug bounty programme.
∎ What you have
∎ Experience in using AWS security tools
∎ Experience in white-box security testing method
∎ Experience with web application security and testing, security monitoring, and intrusion detection
∎ Experience with fuzzing and finding edge cases in validation
∎ Understanding of encryption fundamentals and the OWASP Top 10
∎ A good understanding of attacks and mitigations such as timing, injection (e.g. form
∎ parameter/SQL), side-channel, DoS, buffer overflows and DNS cache poisoning
∎ Ability to assess the security impact of bugs and API inconsistencies
∎ Familiarity with industry standard tools such as Burp Suite and Metasploit
∎ Experience in writing custom code and scripts to investigate security threats
∎ A clear understanding of the OSI model, TCP/IP, and other industry-standard network
∎ defence concepts
∎ Knowledge of the latest industry trends and best practices in information security
∎ Excellent spoken and written English communication skills
∎ What's good to have
∎ Knowledge of cloud-related risks and vulnerabilities
∎ Familiarity with security best practices for cloud workloads
∎ Firm grasp of security and disaster recovery measures
∎ Operational experience in bug bounty programmes such as HackerOne, Bugcrowd, and Cobalt
∎ OSCP, eCCPT, Security+, CISSP, or any GIAC certification
Salary: Negotiable
Compensation & Other Benefits:
∎ Medical allowance, Performance bonus, Weekly 2 holidays
∎ Salary Review: Yearly
Job Source: Bdjobs.com Online Job Posting.
Application Deadline: 3 Apr 2022
Company Information:
∎ 13 Mar 2022
∎ Deriv Services Ltd
∎ Address : 13th floor, iTech Tower, Jalan Impact, 63000 Cyberjaya, Selangor
∎ Web : https://deriv.com/
∎ Business : We’re Deriv. We’re all about trading. We’re the geeky upstarts who pioneered an industry. That was more than 20 years ago, and we’re still going strong. Today, we work across continents and serve over a million traders from around the globe.
Join us. Grow with us.
Category: IT/Telecommunication
Source: bdjobs.com