Insider is hiring a
Security Engineer

Summary

The job description is for a Security Engineer - Red Team position at Insider, a B2B SaaS company that specializes in Customer Experience and Marketing. The role involves performing penetration tests, source code reviews, threat analysis, and supporting the blue team when needed. The candidate should have experience in web application security, REST APIs, and using SAST/DAST tools.

Requirements

• Have 2+ years of working experience in web application security
• Have hands-on experience in security testing of Web applications, Web service, Mobile applications, APIs, etc
• Have experience securing REST APIs and web services
• Have experience using and implementing SAST / DAST tools such as Fortify, Veracode, Checkmarx, or other similar tools

Responsibilities

• Performs web, mobile application, and internal penetration test, source code reviews, threat analysis, social-engineering assessments
• Supports blue teams when needed
• Researches new attack vectors and stay current with cybersecurity news and trends

Preferred Qualifications

• Know conducting penetration tests of information systems using commercial and open-source exploitation tools
• Have a good understanding of standard security vulnerabilities and common remediation as published by OWASP, SANS, etc
• Will support developers of our business units in their SDLC and provide guidance regarding mitigations to emerging threats
• Review application source code based on static application security testing tools
• Be engaging in security research to remain current on vulnerabilities and testing tools
• Create detailed, professional documentation/reports that clearly communicate vulnerabilities, mitigation strategies, and remediation steps
• Have the ability to work on multiple projects concurrently and be committed to providing exemplary customer service
• Have strong written and verbal communication skills in English
• Have Python, Javascript, PHP programming experience as a plus
• Have knowledge in scripting (any language) and experience in automation scripts for application security testing as a plus
• Have familiarity with cloud security, particularly AWS Security concepts as a plus
• Have certifications of eWAPTx, OSCP, OSWE, etc. as a plus
• Are able to work in a team-centric environment
• Have strong critical thinking and analytical skills
• Have experience in executing white, gray, or black box security posture assessments and complete detailed reports that outline the findings and recommendations

Benefits

• Tech Talks with famous and groundbreaking people from the software world
• Dev Talks where Software Developers talk about their career steps
• Many events where groundbreaking ideas are discussed
• Hackathons we organize inside that push the boundaries, programming challenges, and coding competitions
• Free access to exclusive services such as Laracasts, Egghead, LinkedIn Learning, Blinkist, Masterclass, and Spotify
• Inclusive Private Health Insurance
• Smart Work Model side benefits to support food. and bill. expenses
• The infamous Team Activities that are bursting with fun
• No Dress code! This is a fast and innovative startup, you can wear whatever you want
• Remote Work! Work anywhere you'd like in Turkey