In a previous article we detailed on the team called Team Support. This is basically the team that provides the other 4PSA teams with input and resources so that they can work more efficiently.
Our latest opening in the Team Support (Bucharest, Romania) is quite an interesting one – Senior Security Engineer. What is this position doing in Team Support, you might ask… Two reasons: the person filling this position is going to report directly to upper management and in order to be efficient she/he should not be “corrupted” by a product team.
Why We Need a Security Engineer
We are a pretty security-aware organization as we have been working with cloud resources for so many years, in both programming and infrastructure. Security responsibilities have been distributed among our team members.
Unfortunately, it is much harder to keep the gate secure than to penetrate the system – the thief needs only one chance, while the guard must stay alert 24/7. The popularity of our software is increasing rapidly; therefore it has become more and more targeted by the bad guys. One solution we have is to act like the bad guys – basically, attack our own software and infrastructure. And we are usually successful in doing this, in fact we discover several issues on each session we run internally. We are not satisfied with the results though; we want to expand the range of investigations and get into new areas. This is why we are looking for someone who loves doing this on a 24/7 basis (no, you will not have to work 24/7 :)).
What You Should Know
You must be the most knowledgeable in our team in IT security, above everything else. While this might not seem so hard, due to reasons we cannot disclose, it’s actually not so simple.
You must be an expert in software security, especially on the web stack. Security is about the weakest spot, so you must be proficient in forensics analysis, vulnerability management, OS security (with focus on Linux), and network protocols. As workstations are also an efficient attack vector, you must also be able to detect issues on their level, such as various forms of malware attacks.
What You Will Be Doing
Your most important responsibility is the security monitoring for all our software. This means that your primary job is to break it. And if you cannot do it directly, you can use third-party libraries we rely on. You must also monitor the vulnerability databases for known issues that could affect our software and infrastructure. You are going to be responsible for the security component of all our internal procedures and you will have to document and enforce best security practices in the organization. You will work closely with software engineers to enhance the software security posture. This involves evangelizing security and secure coding practices. Yes, you are going to be hated and loved at the same time by everyone. 😉
We realize that there are a lot of things we do very specifically, that’s why we will teach you about our stacks, infrastructure and everything you need to make your life easier.
To gain the experience level we require, you should have worked in IT security for at least 7 years, but it depends a lot on your passions and field of activity.
What We Offer
We are looking for a security expert we can learn from, but there is a lot we can teach you as well. We have been working on a lot of innovative stuff and you are going to be one of the first to bullet-proof it. Our products have a global reach and the services we are going to launch will be even more popular. So there is a lot of interesting stuff for you, lots of research to do, forensics analysis, monitoring and evaluation.
On the financial side, we are going to reward your contribution in a fair way, and as your performance can be easily evaluated you will enjoy the benefits of being good. 😉
If you are interested in this position, drop us an email at jobs AT 4psa.com or simply apply online.