Responsible for the overall design and direction of eCommerce Security Engineering across all applications
Critical in the development and ongoing security posture for digital commerce applications
Accountable for identifying and implementing our security principles and best practices to maintain application security, and for addressing the impact of non-human HTTP traffic on both the performance and security of the application by applying blocks, rate limits, tarpits, or other remediation
Partnering with the Security Team on Vulnerability Scanning
Manage SSL certificates
Assist with cloud architecture IAM needs
Create processes for analyzing web traffic to identify patterns of abuse on the website
Provide guidance and/or implement mitigation to address discovered abuse patterns using modern security tools
Work with developers and performance engineers to assist in securing the solution
As a subject matter expert, leverage various monitoring tools to analyze the security posture of both systems and applications while working independently and collaboratively to address any issues discovered
Collaborate with software development and platform engineers to review threat models and apply corresponding mitigation policies
Accountable for protecting all external endpoints to the application stack and facilitating vulnerability scans / remediations
Requirements
Must be a US Citizen or Green Card holder or Visa Transfer (H1 or TN)
10+ years as a Technical Security Engineer
5+ years DevSecOps experience (5-7+ years preferred)
Extensive DevSecOps experience in the retail domain and e-commerce design space
Expert who can communicate needs and influence throughout the organization
Knowledge of AWS, React, Node.js and Redux
Creative eye for design
Must have experience with enterprise or retail level applications
Strong understanding of retail domain and eCommerce design and operational processes
Experience in DevSecOps working with developers and engineering teams in a dynamic environment to promote / implement DevSecOps throughout the organization
Development and maintenance / management of architecture-based documentation
Knowledge of open source and commercial application security tools and frameworks
Experience with modern security and defense mechanism applications
Experience in exploiting web apps and providing guidance on web services security vulnerabilities: cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML / SOAP, and API attacks
Expert knowledge of DDoS techniques, OWASP risks, vulnerabilities, and mitigation mechanisms
Proficiency in common network and web protocols
Prior work in cloud environments and understanding of cloud infrastructure
CI / CD software pipelines experience
Work experience with on-site and off-site development teams, coordinating work, expectations, and delivery