Information Security Engineer at Sporty Group #vacancy #remote

Sporty’s sites are some of the most popular on the internet, consistently staying in Alexa’s list of top websites for the countries they operate in.

In this role, you will Engineer, implement and monitor security measures for the protection of our computer systems, applications and infrastructure, such as, WAF, DDoS, DNS, Networking, VPN etc. We are looking for a capable team member who enjoys security work and possesses both deep and wide expertise in the security space.

Our Stack

  • Languages: Python, AWS Lambda
  • Networking: AWS Cloud, AWS Global Accelerator, PFSense, OpenWRT
  • VPN: IPSec, L2TP, OpenVPN, Wireguard, Zerotier
  • Computing & Storage: AWS EC2, AWS VPC, AWS EBS, S3
  • Monitoring: AWS Cloudwatch
  • Logging: ELK, OpenSearch
  • CDN: CloudFront, Cloudflare
  • WAF: AWS WAF, Cloudflare
  • DDoS Protection: AWS Shield, Cloudflare
  • Tools: Kali Linux, MobSF, Frida, Metasploit, WireShark, BurpSuite, NMAP etc

Responsibilities

  • Work directly with the project teams to facilitate building secure workflows, processes, systems, and services
  • Develop best practices and security standards for the organisation
  • Understand software, infrastructure and internet needs and adjust them according to the business environment
  • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
  • Ensure the organisation knows as much as possible, as quickly as possible about security incidents
  • Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
  • Find cost-effective solutions to cybersecurity problems
  • Conduct the internal/external security test/audit on our service, application, and infrastructure
  • Assist fellow Team Members with cybersecurity, software, hardware or infrastructure needs

Requirements

  • 3+ years’ experience of working as a Security Engineer or other relevant position
  • Basic coding skills such as HTML, CSS, Shell Script, Python and other languages
  • In-depth knowledge of database and operating system security
  • Ability to discover and identify SQLi, XSS, CSRF, SSRF, authentication and authorisation flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)
  • Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP
  • Knowledge of browser-based security controls such as CSP, HSTS, XFO
  • Experience with standard web application security tools (Arachni, BurpSuite)
  • An understanding of best practices and how to implement them at a business-wide level
  • Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering
  • Hands-on experience in network security and networking technologies and with system٫ security, and network monitoring tools
  • Fluency in English written and spoken

Beneficial

  • CyberSecurity certifications such as CISSP, CISA/CISM, CompTIA Security+, CEH, or GSEC would be beneficial
  • Certifications such as PMP, ISO 27001 LA would be beneficial

Benefits

  • Quarterly and flash bonuses
  • We have core hours of 10am-3pm in a local timezone, but flexible hours outside of this
  • Top-of-the-line equipment
  • Referral bonuses
  • 28 days paid annual leave
  • Annual company retreat – we all went to Thailand & Dubai together in 2023 and we aim to have 2 more trips in 2024!
  • Highly talented, dependable co-workers in a global, multicultural organisation
  • Payment via DEEL, a world class online wallet system 
  • Our teams are small enough for you to be impactful
  • Our business is globally established and successful, offering stability and security to our Team Members

Our Mission

Our mission is to be an everyday entertainment platform for everyone

Our Operating Principles

1. Create Value for Users

2. Act in the Long-Term Interests of Sporty 

3. Focus on Product Improvements & Innovation 

4. Be Responsible 

5. Preserve Integrity & Honesty 

6. Respect Confidentiality & Privacy 

7. Ensure Stability, Security & Scalability 

8. Work Hard with Passion & Pride

Interview Process

30 min HackerRank Test 

Remote video screening + ID check with our Talent Acquisition Team 

Remote 90 min video interview loop with 3 x Team Members (30 mins each)

ID Check Via Zinc & 2 references from previous employers

24-72 hour feedback loops throughout process

Working at Sporty

The top-down mentality at Sporty is high performance based, meaning we trust you to do your job with an emphasis on support to help you achieve, grow and de-block any issues when they’re in your way.

Generally employees can choose their own hours, as long as they are collaborating and doing stand-ups etc. The emphasis is really on results. 

As we are a highly structured and established company we are able to offer the security and support of a global business with the allure of a startup environment. Sporty is independently managed and financed, meaning we don’t have arbitrary shareholder or VC targets to cater to. 

We literally build, spend and make decisions based on the ethos of building THE best platform of its kind. We are truly a tech company to the core and take excellent care of our Team Members.

zerotier erlang-otp HTML Wireshark amazon-cloudfront shell Amazon Web Services (AWS) xss nmap ssrf frida CompTIA Security+ Certified Information Security Manager (CISM) Certified Ethical Hacker (CEH) Networking Certified Information Systems Security Professional (CISSP) Information security DNS DDoS wireguard saml oauth Internet Protocol Security (IPsec) Elastic Stack waf Cloudflare openvpn openwrt amazon-s3 totp Python Project Management Professional (PMP) pfsense aws-lambda hsts VPN csrf amazon-cloudwatch metasploit kali-linux l2tp cas CSS amazon-ec2

Залишити відповідь