Echosec Systems is looking for an Application Security Engineer to support the R&D team in securing applications and infrastructure for our web application, darknet and social crawlers and a data enrichment platform. You will be joining a company that values continuous improvement in its security program driven by all its employees; and joining a team that takes pride in releasing daily while maintaining meaningful and comprehensive test coverage. You will be responsible for defining and working with the team to adhere to new security priorities. You will also be working independently and with senior members of the team to secure Echosec Systems infrastructure. This position has a high degree of autonomy and will work closely with the CTO to define and implement changes relating to security priorities. Previous experience working within dev(sec)ops or security focused roles would be valuable but not required.
Security engineers who would like to work with Kubernetes and Zero Trust Networking are strongly encouraged to apply.
Echosec Systems is a leader in online information discovery. Gathering millions of posts from dark web marketplaces, social media sites, and discussion forums, Echosec delivers an unparalleled level of digital and physical security to their global user base. Their web-based threat and risk intelligence solutions allow organizations to rapidly detect critical online content, so they can respond faster.
Echosec ingests data from hundreds of sources ranging from well known social media sites like Twitter and YouTube, to niche discussion forums like Discord, Telegram, and Gab. Advanced keyword and image detection filters allow Echosec users to monitor threats and get high priority alerts when specific content is detected.
Security teams worldwide trust Echosec Systems to provide a critical layer of information about unfolding events. Whether the event is a natural disaster, a violent threat, or a planned attack against a high-risk individual, Echosec provides situational awareness and real-time information that mitigates risk, minimizes damage, and keeps people and organizations safe.
- Participate in threat modelling for Echosec Systems application and infrastructure.
- Design and maintain automated security test suites, tooling and telemetry.
- Implement security best practices in Kubernetes and containers (Docker).
- Own the Echosec Systems vulnerability management program.
- Support the security disclosures and compliance processes.
- Assist teams in deploying and implementing secure infrastructure on Azure, Digital Ocean and cloud based PaaS/SaaS/IaaS providers.
- Collaborate with the team to determine the best logging and telemetry outputs when working within a DevSecOps environment.
- Managed Github’s security notifications as they related to the applications supply chain for software and container dependencies.
- Evaluate third party security tooling (eg: Snyk or Hashicorp Vault).
Skills and Experience
- Experience with OWASP.
- Understanding of web application firewalls.
- An understanding of networking and cloud architectures.
- Working knowledge of cloud services in AWS, Azure or Digital Ocean.
Assets but not Requirements
- Experience owning SOC2 policies around security and compliance.
- Participation in bug bounty programs.
- Previous experience with Kubernetes.
- Previous experience with Zero Trust Networking (Cloudflare Access).
- Worked with Azure Sentinel, Azure Monitor or Elastic SIEM.
- Knowledge of Azure Active Directory.
- Understanding of static or dynamic analysis tools.