Senior Cyber Security Engineer & Red Teamer - Abu Dhabi

Since our launch in 2012, we’ve been on a mission: to make digital identification simple, secure for everyone, and everything. Our technology is now being used by hundreds and thousands of users worldwide, including some of the world’s leading financial institutions.

And this is just the beginning but, we can’t do that alone. That’s why we’re looking hire the brightest, most inquisitive minds out there: the people who want to help us change the rules of identity ­– and have the skills and passion to make this mission a reality

Does that sound like you? Let’s talk.

Looking for

• Capable, deep technical cyber security engineer & Red Teamer, who enjoys security work and possesses deep and wide expertise in the security space.
• Join a very technical, and passionate, security team.
• Pen-test our applications and infrastructure, meanwhile working with, and provide guidance, to developers to solve the issues found.
• You will design, plan, develop and maintain security tasks to detect/fix/prevent/monitor sensitive data and systems from infiltration and cyber-attacks.
• This is mainly a Security Engineer role (Blue Team) that also does Red Team exercises.

Responsibilities

• Engineer, implement and monitor security measures for the protection of computer systems, networks and information.
• Pen-test applications and infrastructure, work with and provide guidance to developers.
• Identify and define system security requirements
• Design computer security architecture and develop detailed cyber security design.
• Prepare and document standard operating procedures and protocols.
• Develop technical solutions, and new security tools, to help mitigate security vulnerabilities plus automate repeatable tasks.
• Help the Security Incident Response Team.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancements.
• Collaborate with Engineering and DevOps teams to make sure security issues are addressed timely and effectively.
• Develop and give security training to Engineering and DevOps teams (OWASP and more).
• Run the daily/weekly/monthly security run-books to detect and keep any security incident under control.

Requirements

• Pen-tester / Ethical Hacker / Penetration Tester / Security Engineer / Blue-Red-Purple Team background.
• Hold at least one of the following Security certifications
  • CompTIA Security+ (Security+)Certified Ethical Hacking (CEH)
  • GIAC Security Essentials (GSEC)
  • GIAC Penetration Tester (GPEN)
  • Computer Hacking Forensics Investigator (CHFI)
  • CREST Practitioner Security Analyst (CPSA)
  • CREST Registered Tester (CRT)
  • Licensed Penetration Tester (LPT)
  • GIAC Reverse Engineering Malware (GREM)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Exploitation Expert (OSEE)
  • Advanced Web Attacks and Exploitation (OSWE)
  • Offensive Security Wireless Attacks (OSWP)
• Be able to commute to:
  • to UAE (United Arab Emirates) at Abu Dhabi at least three times a week.
• Be willing to work on a full-time permanent basis.
• Minimum 2 years of experience doing manual technical security reviews.
• Experience in finding technical security issues (Web, Application, Operating systems, APIs, Cloud,...) and fixing them.
  • Ex.: Applicant is expected to know what is a Blind SQL Injection, how to detect it, exploit and remediate the vulnerability.
• Deep knowledge of the OWASP TOP 10. How to detect, exploit and remediate the issues.
• Experience in building and maintaining cyber security systems.
• Detailed technical knowledge of database and operating system security.
• Experience with network security and networking technologies and with system, security, and network monitoring tools.
• Thorough understanding of the latest security principles, techniques, and protocols.
• Familiarity with web related technologies (Web applications, Web services, Service oriented architectures) and of network/web related protocols.
• Problem solving skills and ability to work under pressure.
• Knowledge of scripting languages (minimum mandatory Bash and Python).

Bonus Points for

• University studies in Computer Science, IT, Systems/Network Engineering or a related field.
• Masters in Cyber Security or a related field.
• Security certifications (CEH, GPEN, CPSA, OSCP, CRT, CISSP, CCSP, OSCE ...) or equivalent.
• Knowledge of security development and enforcing inside the CI.
• Knowledge of Cloud security (e.g. AWS).
• Knowledge of Kubernetes and Terraform.
• Ability to work independently with minimal direction.
• Driven to take ownership of problems and solve them.
• Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.

Recruitment Process (We are going to technically challenge you!)

1. Technical screening call. Circa 5 min.
2. Technical video-call, 60 min.
3. Technical "on-hands" remote challenge: Hack, explain remediation and report within 24h (CTF-type exercise).
4. Deep technical video-call, 120 min.

Note: A full background check (last 7 years) is mandatory for all candidates to progress after stage 3.

Benefits

Benefits are a key part of Callsign’s value proposition that helps with the attraction, retention, and engagement of our people. Our aim is to provide an offering that is competitive, cost effective, simple, and flexible, that supports employees, mental, physical, and financial well-being

Health Insurance

• Our Health Insurance is provided via Oman who work alongside Bupa Global
• Auto enrolled on first day of employment
• Health insurance cover in the UAE and the rest of the world for employed residents of the Emirate of Abu Dhabi, holding an Abu Dahbi Residency Visa
• Cover for spouses and dependants of eligible employees’ is an optional benefit
• Your health plan covers the treatment cost for a disease, illness or injury that leads to the conversation of your condition, recovery or you getting back to our previous state of health
• Some of the benefits in the plan are outpatient and in-patient services like laboratory test services, advanced imagining X-ray and diagnostic tests, physiotherapy, prescribed medicines, emergency medical conditions, chronic conditions, mental health conditions
• Optional benefits (if purchased) include dental and optical treatments, USA cover and assistance cover

Gratuity
Employees are entitled to receive 21 days basic salary for each year completed for the first five years and 30 days salary for each additional year on condition that the gratuity total shall not exceed two years’ salary. This will be given in the final settlement at the end of your service with us.

Airfare Allowance

• You will be eligible for this allowance after successful completion of your probation period
• Callsingers and their spouse and children can enjoy this benefit
• A valid UAE residency visa is mandatory for dependents in order to receive the benefit
• The airfare benefit is disbursed after completing of 6 months of employment

Callsign Bank Holiday

On the last weekend of May 2014, a very small Callsign team was busy working hard to hit certain milestones, so busy
most of the team worked almost around the clock. In view of this dedication, we all decided that we would take the
following Monday off, which happened to be the first Monday in June 2014. We decided to celebrate the continued
dedication that’s built into every Callsigner by making the first Monday of June our bank holiday!

25 days annual leave + the public holidays

In addition to the Callsign Bank Holiday, you’re also entitled to 25 days of annual leave and the public holidays in the
country in which you reside (Subject to individual team requirements. Please discuss with your Callsign contact.)

Twice a week

Free breakfast each Tuesday and Thursday in the office.

Once a week

Sports each Thursday after office hours (mainly football but, we also do badminton, basket...)

Once a month

Free lunch meanwhile we do the "All Hands" meeting