Web Security Engineer

Summary

Join Trafilea, a dynamic Tech E-commerce Group, as a Web Security Engineer. You will ensure the security and compliance of our web applications and infrastructure. This role involves proactively identifying and mitigating vulnerabilities, implementing security best practices, and collaborating with various teams. You will play a crucial role in safeguarding sensitive data and protecting against emerging threats. The position requires strong technical and soft skills, including proficiency in identifying OWASP Top 10 vulnerabilities and excellent communication abilities. Familiarity with cloud security and scripting is preferred.

Requirements

• Proficiency in identifying and mitigating OWASP Top 10 vulnerabilities
• Strong knowledge of web application architecture, including client-server models, APIs, and microservices
• Experience with security tools such as Burp Suite, OWASP ZAP, and automated vulnerability scanners
• Hands-on experience integrating security tools into CI/CD pipelines
• Knowledge of secure authentication mechanisms, such as OAuth, SSO, and multi-factor authentication
• Familiarity with common encryption standards and protocols (e.g., TLS, HTTPS, AES)
• Excellent problem-solving and analytical abilities to identify root causes of security issues
• Strong communication skills for educating developers and reporting findings to stakeholders
• Ability to work collaboratively across teams while maintaining a proactive approach to improving security

Responsibilities

• Ensure the security, integrity, and compliance of the organization’s web applications and infrastructure
• Proactively identify and mitigate vulnerabilities
• Implement security best practices
• Collaborate with cross-functional teams to embed security into every stage of the development lifecycle
• Safeguard sensitive data and protect against emerging threats

Preferred Qualifications

• Familiarity with cloud security, especially in AWS environments
• Experience with scripting and automation using Python, Bash, or similar languages
• Knowledge of compliance frameworks and how they apply to web applications (e.g., GDPR, SOC 2)