Key skills
AWSCloudJavaScriptNode.jsOpen SourceReactReduxSOAPSQLIAMOWASP
About this role
Role Overview
- Responsible for the overall design and direction of eCommerce Security Engineering across all applications
- Critical in the development and ongoing security posture for digital commerce applications
- Accountable for identifying and implementing our security principles and best practices to maintain application security and address the impact of non-human HTTP traffic on both the performance and security of the application by applying blocks, rate limits, tarpits, or other remediation
- Partnering with the Security Team on Vulnerability Scanning
- Manage SSL certificates
- Assist with cloud architecture IAM needs
- Create processes for analyzing web traffic to identify patterns of abuse on the website
- Provide guidance and/or implement mitigation to address discovered abuse patterns using modern security tools
- Work with developers and performance engineers to assist in securing the solution
- As a subject matter expert, leverage various monitoring tools to analyze the security posture of both systems and applications while working independently and collaboratively to address any issues discovered
- Collaborate with software development and platform engineers to review threat models and apply corresponding mitigation policies
- Accountable to protect all external endpoints to the application stack and facilitate vulnerability scans / remediations
Requirements
- Must be a US Citizen or Green Card holder or Visa Transfer (H1 or TN)
- 10+ years as a Technical Security Engineer
- 5+ years DevSecOps experience (5-7+ years preferred)
- Extensive DevSecOps experience in the retail domain and e-commerce design space
- Expert who can communicate needs and influence throughout the organization
- Knowledge of AWS, REACT, NODE.JS and Redux
- Creative eye for design
- Must have enterprise or retail level applications
- Strong understanding of retail domain and eCommerce design and operational processes
- Experience in DevSecOps working with developers and engineering teams in a dynamic environment to promote / implement DevSecOps throughout the organization
- Development and maintenance / management of architecture-based documentation
- Knowledge of open source and commercial application security tools and frameworks
- Experience with modern security and defense mechanism applications
- Experience in exploiting web apps and providing guidance on web services security vulnerabilities: cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML / SOAP, and API attacks
- Expert knowledge of DDos techniques, OWASP risks, Vulnerabilities, and Mitigation Mechanisms
- Proficiency in common network and web protocols
- Prior work in cloud environments and understanding of cloud infrastructure
- CI / CD software pipelines experience
- Work experience with on-site and off-site development teams, coordinating work, expectations, and delivery
Tech Stack
- AWS
- Cloud
- JavaScript
- Node.js
- Open Source
- React
- Redux
- SOAP
- SQL
Benefits
- Unlimited personal leave
- Health and Life Insurance
- Medical, Dental, and Vision insurance
- 401K matching
- Fun and flexible environment
- Parental leave