hirist

Job Description

Description :

As an InfoSec Engineer, you will take ownership of securing our applications, cloud infrastructure, and Kubernetes environments. You will design and implement defenses across AWS, strengthen web application security, manage WAFs and firewalls, and drive meaningful security automation. This is a hands-on, high-impact role where your work directly enhances the security and resilience of our financial infrastructure as we scale. This role is ideal for a technically strong security engineer with deep experience in application and cloud security, who thrives in fast-paced environments and enjoys solving complex problems through both technical execution and cross-functional collaboration.

Responsibilities :

- Application Security : Perform manual and automated web application testing, identify vulnerabilities, and provide actionable remediation guidance.

- Source Code Review : Conduct manual/automated reviews across backend and frontend services, focusing on authentication, authorization, cryptography, and data protection.

- Cloud Security (AWS) : Secure AWS environments by implementing IAM best practices, network segmentation, encryption, and continuous monitoring.

- Kubernetes Security : Harden Kubernetes clusters, secure workloads, and integrate runtime protection and policy enforcement tools.

- Firewall and WAF Management : Configure and tune rules, monitor traffic, and maintain high availability of perimeter defenses (e.g., cloud-based WAF and CDN services).

- Penetration Testing (Nice-to-have) : Plan and conduct internal pen tests, vulnerability assessments, and adversarial simulations.

- Security Automation : Build tools and scripts (Python, Bash, Go, etc.) to automate scanning, log analysis, monitoring, and alerting.

- Collaboration with Engineering : Work closely with software and DevOps teams to remediate vulnerabilities, guide secure design decisions, and strengthen overall architecture.

- Policy and Compliance Support : Contribute to the creation and maintenance of security policies, standards, incident response playbooks, and compliance frameworks.

- Continuous Improvement : Research emerging threats, evaluate tools, and proactively recommend enhancements to strengthen our defense posture.

Requirements :

- 4+ years of experience in Information Security, Application Security, or Cloud Security.

- Strong understanding of security fundamentals, networks, operating systems, and cloud environments.

- Hands-on scripting/programming experience (Python, Go, Bash, etc.) for automation.

- Strong analytical and problem-solving skills with pragmatic risk-based thinking.

- Clear communication skills with the ability to explain risks and influence decisions.

- Demonstrated ability to operate independently with minimal oversight while collaborating effectively in a team.

Nice-to-Have Qualifications :

- Experience with AppSec testing tools (Burp Suite, ZAP, SAST/DAST).

- Knowledge of secure SDLC and developer enablement.

- Hands-on exposure to AWS security services (IAM, GuardDuty, Config, Security Hub, KMS).

- Practical experience with Kubernetes security tools (OPA/Gatekeeper, Kyverno, Falco, Aqua, Prisma).

- Familiarity with DevSecOps workflows and CI/CD security integration.

- Exposure to incident response or digital forensics.

- Relevant certifications (OSCP, OSWE, AWS Security Specialty, CISSP).

What Sets Great Candidates Apart :

- Ability to take ownership of ambiguous problem areas and execute with limited resources.

- Strong team-first mentality that reinforces a collaborative, high-performance culture.

- Proven track record in high-growth or startup environments.

- Experience partnering with cross-functional teams to drive secure product delivery.

