In a Nutshell:
Gaditek is seeking a Senior Engineer Information Security to assess and implement Information Security controls and procedures across various organizational and product areas like Web Applications, Cloud Security, Compliances, IAM, Security Monitoring, and ensure security best practices are implemented and are being continuously followed in all areas. The purpose is to strengthen the information security controls within the organization and product and minimize the security risks. The person should be able to work with different functional teams and get the Security requirements implemented.
Once you are here, you will:
- Work closely with different teams, assess the security requirements, and get them implemented
- Take part in the product development lifecycle with the mindset of maintaining a balance between usability and security of the product
- Assess and handle vulnerabilities reported through various mediums and work with the development team to mitigate them
- Assess the current application development and DevOps based workflows and instill DevSecOps tools and practices
- Develop and maintain documentation for security procedures
- Develop security baseline and standards on different layers e.g Web, Cloud Infrastructure, Microservices, Docker/Kubernetes, and work with the Engineering team to ensure best security practices are followed
- Participate in incident investigation and incident response
- Stay updated on current security industry trends
What does GADITEK offer you?
Gaditek is a new-age digital company. We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. Gaditek is home to some of the best talents in the world, working on our 7 tech brands in 10 verticals and operating in 150+ countries across the globe. We are working on solving some of the most challenging and interesting technology projects around, on a scale unmatched by most.
We understand that “life happens” and give you the freedom to choose the best environment for you to “get the work done”. Gaditek provides interesting and challenging learning and development opportunities to help you make the most of your talents and your job.
We are helping leading global tech brands to build an innovative digital workspace. What’s most important to us is that you are respected, feel like you can be yourself and have the opportunity to do the best work of your life. We are a place where learning never stops. As a result, we’re among the best companies to work for in Pakistan with a plethora of benefits and an amazing culture.
Ideally, the person we are looking for should possess the curious mindset of “what can go wrong?” to be able to foresee security issues.
- Degree in Computer Science, Software Engineering, Cyber Security, or related fields
- Minimum 3 years of experience in a cybersecurity engineer role
- Minimum 1-2 years of experience in software development or DevOps
- Familiarity with the OWASP Security framework and defense controls against OWASP Top 10 vulnerabilities
- Demonstrable experience with Linux Operating System and its security hardening
- Understanding of Cloud security hardening (preferably AWS) and best practices
- Experience with security tools like BurpSuite, OWASP ZAP, and SAST/DAST tools
- Familiar with DevOps technologies like Git, Terraform, Ansible, Cloud, Containers, CI/CD
- Ability to understand business requirements and translate them into technical solutions
- Ability to understand compliance requirements and translate them into technical solutions
- Ability to code in Python, PHP and Bash
- Familiarity with modern web applications architecture like microservices, API Gateways, Lambda
- Knowledge of Security Frameworks and standards like NIST/ COBIT
- Familiarity with industry standard security certifications ISO2001/ SOC2/ GDPR/ HIPAA/ PCI
- Familiarity with threat modeling frameworks
- Have experience working with startups
Apply - Senior Engineer Infosec