Information Security Engineer

Who are we

Sporty's sites are some of the most popular on the internet, consistently staying in Alexa's list of top websites for the countries they operate in

In this role, you will Engineer, implement and monitor security measures for the protection of our computer systems, applications and infrastructure, such as, WAF, DDoS, DNS, Networking, VPN etc. We are looking for a capable team member who enjoys security work and possesses both deep and wide expertise in the security space.

Our Stack

Languages: Python, AWS Lambda

Networking: AWS Cloud, AWS Global Accelerator, PFSense, OpenWRT

VPN: IPSec, L2TP, OpenVPN, Wireguard, Zerotier

Computing & Storage: AWS EC2, AWS VPC, AWS EBS, S3

Monitoring: AWS Cloudwatch

Logging: ELK, OpenSearch

CDN: CloudFront, Cloudflare

WAF: AWS WAF, Cloudflare

DDoS Protection: AWS Shield, Cloudflare

Tools: Kali Linux, MobSF, Frida, Metasploit, WireShark, BrupSuite, NMAP etc

Responsibilities

• Work directly with the project teams to facilitate building secure workflows, processes, systems, and services
• Develop best practices and security standards for the organization
• Understand software, infrastructure and internet needs and adjust them according to the business environment
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Ensure the organization knows as much as possible, as quickly as possible about security incidents
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Find cost-effective solutions to cybersecurity problems
• Conduct the internal/external security test/audit on our service, application, and infrastructure
• Assist fellow Team Members with cybersecurity, software, hardware or infrastructure needs

Requirements

• 3+ years' experience of working as a Security Engineer or other relevant position
• Basic coding skills such as HTML, CSS, Shell Script, Python and other languages
• In-depth knowledge of database and operating system security
• CyberSecurity certifications such as CISSP, CISA/CISM, CompTIA Security+, CEH, or GSEC would be beneficial
• Certifications such as  PMP, ISO 27001 LA would be beneficial
• Ability to discover and identify  SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)
• Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP
• Knowledge of browser-based security controls such as CSP, HSTS, XFO
• Experience with standard web application security tools (Arachni, BurpSuite)
• An understanding of best practices and how to implement them at a business-wide level
• Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering
• Hands-on experience in network security and networking technologies and with system٫ security, and network monitoring tools
• Ability to prioritize projects
• Comfortable working in a fast-paced environment
• Excellent communication skills and able to think through
• Critical thinking skills and the ability to solve problems as they arise
• English proficiency written and spoken
  
  

Interview Process

• HackerRank Test
  
• Remote 90 Minute Video Interview with 3x Team Members (30 Minutes Each)
• 24-72 hour feedback loops throughout process

Benefits

Quarterly and flash bonuses

Flexible working hours

Top-of-the-line equipment

Education allowance

Referral bonuses

28 days paid annual leave

Annual company retreat - we all went to Dubai in 2022 and are planning 2 more retreats for 2023!

Highly talented, dependable co-workers in a global, multicultural organisation

We score 100% on The Joel Test

Our teams are small enough for you to be impactful

Our business is globally established and successful, offering stability and security to our Team Members