Security Engineer

Summary

Join Malt, Europe's leading freelance marketplace, as a Security Engineer and play a crucial role in ensuring the security of our freelancers and clients. The Security squad collaborates with IT to provide secure tools across all departments. Key responsibilities include vulnerability management, strengthening corporate and product security, incident response, enhancing platform security, and supporting engineering teams in implementing security best practices. You will need at least 4 years of experience in software security, a strong understanding of web application security risks, proficiency in a cloud platform (preferably GCP), and experience with Kubernetes. Malt offers a collaborative and inclusive work environment with opportunities for professional growth.

Requirements

• Minimum 4 years of experience in software security in an engineering team
• Strong understanding of web application security risks, particularly OWASP, and successfully implement solutions to address these risks in previous roles
• Comfortable with modern web applications (Single page applications, REST, Cloud infrastructure, emails) and have some notions of Object-Oriented programming (such as Java or Python), Web programming languages (JavaScript and/or Typescript)
• Proficient in at least one Cloud platform, preferably GCP, and have experience with Kubernetes
• Master the security of web applications, including familiarity with technologies like WAF, IDS/IPS, RASP, etc
• Practical experience with at least one security events detection tool (SIEM or similar)
• You are versatile, autonomous, proactive, and demanding, you like to search for security flaws in software. You may have already participated in bug bounty programs yourself!

Responsibilities

• Engage in vulnerability management activities: reduce the vulnerability backlog, industrialize SCA/SAST & DAST, maintain and improve the bug bounty program, organize internal pentests, and ensure 100% of developers are trained in secure coding practices
• Strengthen corporate & product security by developing and maintaining the alerting system on the SIEM, and responding efficiently to security alerts
• Engage in incident response activities, which involve identifying incidents through a monitoring plan (including rule detection and associated dashboards), assessing their existence and their severity, and finally efficiently resolving them
• Enhance platform security by designing and implementing solutions to proactively mitigate cybersecurity risks and detect any unfair usage of the platform
• Support, advise and make autonomous the engineering teams in the implementation of security best practices
• You will also participate in improving the security excellence of the development team, spread the security best practices at Malt, participate in our communities of practices (SRE, security, back-end, and front-end in particular), and increase your knowledge thanks to an active watch in the field of security and software
• You will participate in the animation of our security community of practice gathering members of all squads: software, cloud, and data engineers experienced and passionate about software security