Security Engineer
Remote job
Applications have closed
xneelo
Reliable hosting with a stable network and round-the-clock support, we ensure that your website stays up, stays fast and stays supported.Xneelo is a web hosting company of approximately 350 people, with teams in Cape Town (head office), Johannesburg, as well as Canada, Ukraine and India. We see ourselves as business enablers, stimulating the economy by helping the business mass market to interact and transact online.
Our security engineers make sure that the data of xneelo and her customers is protected. A large scale, mass-market hosting infrastructure is a complex beast requiring security automation and processes to make sure it can scale and perform securely, 24 x 7 x 365. The security team at xneelo looks to the security of the IT, OT, software and cloud infrastructure as a vital component of being trusted in hosting.
We are passionate about frequent, iterative delivery of high-quality software and aim to build lasting solutions using Agile principles and the latest technology available. The security team at xneelo is a key part of this process.
We work together in autonomous teams that take full responsibility for their own part of the xneelo ecosystem and require an understanding of the Agile development philosophy. The security team owns some of the security related components of the ecosystem and consults with teams to ensure that systems they own are secure by design.
Locations: Remote or Cape Town, South Africa.
Timezones: UTC to UTC+3
Responsibilities
The ideal candidate will come from a software development process in order to appreciate the security pitfalls of software development and how to speak dev.
Build and support systems providing security features such as firewalls, authentication and secrets management
Provide subject matter expertise on architecture, authentication and system security
Performing security reviews of new and existing services (IT, OT, Cloud and Software)
Liaising/Consulting internally with teams on security findings to solve vulnerabilities
Solving interesting and large scale backend technical challenges that affects security
Monitor application and audit logging for security anomalies
Automation of security anomaly detection and alerting
Participate in forensics of security incidents
Looking for opportunities to innovate and optimize our security solutions
Requirements
The strengths and experience we’re looking for:
Excellent communicator, both verbal and written
Gets on well with people and knows how to have candid, “clear and kind” conversations
Fast learner who knows how to say “I messed up” and “I don’t know, please help”
Understands the security risks and mitigations through all the OSI layers
Gets the difference between “done” and “97% done” and the potentially significant costs of the latter
Strong networking skills
Excellent multi-tasking skills
Cool under pressure
No compromise attitude towards system security and stability
Is a servant leader
Self-motivation and self-management
Life-Long Learning
You probably have a passion for:
Thinking like a hacker & incident responder by diving into the security details of the software you’ve built or use
Keeping abreast of industry security news and developments
Zero trust design in networks and software
Multi layered security design
Programming, open-source Technologies and IT in general
Optimal systems and simple procedures
Agile development and a self-organizing team environment
Sharing ideas and innovation
Technical Requirements
Design & development of backend software and APIs
Object-oriented programming using a language like Ruby (equivalent will be considered)
Software development within the Linux/Unix environment
Software development using a containerization platform like Docker or Kubernetes
Agile development practices (team focus, continual improvement, automated tests, refactoring, continuous integration, pair programming
Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)
- Code quality reviews
Proactively identify and reduce security risks
Find and remove outdated and vulnerable code and code libraries
Git version control
Qualifications
BSc or BTech majoring in Computer Science will be advantageous, however, your ability to demonstrate your track record of security systems is what ultimately counts
A minimum of 4+ years of software development experience
Minimum of 2 years supporting a large scale application in an operational capacity
Minimum of 4+ years in a similar position
Desirable Skills and Experience
Security related security certifications such as CISSP and OSCP
Experience with Kubernetes or other container orchestration platforms
Understanding of database design (MySQL, Redis, etc.)
Familiarity with ElasticSearch
Experience with DevOps on a linux based platform
Experience with system administration on a linux based platform
Ruby software development experience preferred
Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP
Implementation and management of infrastructure and service monitoring systems
Exposure to secrets management solutions
Cloud Infrastructure as a service
Infrastructure automation such as Cloudformation, Ansible and Puppet
Network and host based security solutions like Palo Alto, Fortinet, Cisco or Cloudflare
At xneelo, our sincere desire is that our team members are inspired by their success and able to operate with a high level of discretion and autonomy guided by our principles and values. We hope this appeals to you and look forward to hearing from you.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Ansible APIs Automation CISSP Cloud Cloudflare Computer Science CSRF DevOps Docker Elasticsearch Firewalls Forensics Kubernetes Linux Monitoring MySQL OSCP OWASP Puppet Redis Ruby SAML SSRF UNIX Vulnerabilities XSS
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open IPS-related jobs