Senior Information Security Engineer
Contour Software
Lahore, Punjab, PK
2d ago

The Division :

ReverseVission a division of Perseus (an operating group of Constellation Software Inc.) provides reverse mortgage software solutions.

The Company offers RV exchange, sales accelerator, database, document composing, live and online source, and other mortgage software solutions.

ReverseVision serves the banks and credit unions, brokers and lenders, and borrowers worldwide.

The position :

The IT Security Engineer is responsible for proactively maintaining ReverseVision information security systems, processes, and procedures to protect and preserve the confidentiality, integrity, and availability of all data and systems.

This position will also drive company-wide support for security programs through the operationalization and documentation of all security-related tasks, working very closely with development & operations teams, product owners, and other groups .

Required Qualifications & Skills :

  • Strong understanding of security controls / services in public cloud environments (AWS / Azure)
  • Experience on a Security Operations or DevSecOps team, or experience responding to security incidents
  • Experience with other security solutions, such as EDR, SASE, firewalls, DLP, NAC, IDS / IPS, and vulnerability assessment tools
  • Knowledge of security frameworks and standards, including MITRE Att&CK, OWASP, and NIST
  • Understanding the best practices, control frameworks, and applicable existing and new legal / regulatory requirements (e.
  • g., SEC Regulation S-P, FINRA cybersecurity recommendations, data privacy and breach notification laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, and PCI DSS)

  • Experience with SOC1 and SOC2 certification and compliance
  • Ability to work within an Agile / Scrum framework and to manage work in Jira.
  • Preferred certifications include AWS Certified Security Specialty, OSCP, CEH, Sec+, CISSP, CISM, CSSLP, and / or CISA
  • Strong understanding of web application security assessment techniques.
  • Knowledge of static and dynamic security analysis tools.
  • Knowledge of the Security Development Lifecycle (SDLC).
  • Responsibilities :

    The following duties include, but are not limited to :

  • Reviews current corporate policies and helps redefine policies and procedures
  • Stays current on IT security trends and news
  • Manages security monitoring and threat detection systems for cloud environments
  • Proactively updates and maintains tools for monitoring and support
  • Supports cloud compliance / certification activities and participates in security audits / reviews.
  • Provides consulting and influences other teams to mature cloud / DevOps security.
  • Serves as a security expert and provides technical leadership to other staff members.
  • Conducts security reviews of web applications, services, integrations, and APIs
  • Pinpoints methods and attack surfaces attackers use to exploit weaknesses and logic flaws
  • Conducts Cloud & Network infrastructure reviews, Systems infrastructure, Application configurations, and Software Code reviews.
  • Reviews, maintains and enhances current scanning and testing tools
  • Verifies security vulnerabilities identified by automated tools
  • Performs manual testing to supplement results of automated scanning and testing tools
  • Documents identified security vulnerabilities and related matters in a clear, concise and timely manner
  • Meet with the operations and application teams to review and explain identified security vulnerabilities and possible remediation
  • Resolves issues and provides statuses that which may impact testing
  • Applies fixes and remediation for detected vulnerabilities to maintain a high-security standard
  • Organizes / facilitates retest of infrastructure, system, and application updates or deployed remediation logic to verify resolution of security vulnerabilities
  • Maintains electronic or trail of testing activity for audit purposes
  • Maintains confidentiality of authentication credentials, sensitive application information, and test results before, during, and after completing testing and / or retesting
  • Investigates potential security breaches and other cybersecurity incidents
  • Works with DevOps and QA Teams to perform tests and uncover potential network / systems / application vulnerabilities
  • Nice to Have;
  • Autonomously utilizing excellent coding skills.
  • Strong understanding of cloud container and Kubernetes networking and network security.
  • Proficiency in programming and scripting languages such as C#, JavaScript, Shell Scripting, BASH, REST APIs, JSON, and XML
  • Ability to implement, administer, and troubleshoot servers, network infrastructure devices, firewalls, routers, access control policies, authentication systems, intrusion detection systems, anti-virus software, log management, and content filtering
  • Exciting Benefits we offer :

  • Market-leading Salary
  • Medical Coverage Self & Dependents
  • Parents Medical Coverage
  • Provident Fund
  • Employee Performance-based bonuses
  • Home Internet Subsidy
  • Conveyance Allowance
  • Profit Sharing Plan Tenured Employees Only
  • Life Benefit
  • Child Care Facility
  • Company Provided Lunch / Dinner
  • Professional Development Budget
  • Recreational area for in-house games
  • Sporadic On-shore training opportunities
  • Friendly work environment
  • Leave Encashment
  • Report this job
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form