Application Security Engineer
The Application Security Engineer will conduct both automated and manual assessments of application/website code to detect vulnerabilities before it ships. In this position, you will also act as a subject matter expert in all things related to application security.
Job Responsibilities:
Perform penetration testing on our internal and external applications.
Implement automation for finding vulnerabilities in CI/CD process.
Improve data security through use of encryption/key management, segregation, or other techniques.
Help engineers design more secure systems via design input and code review.
Develop secure coding guidelines.
Deliver web application security training to developers.
Be a security subject matter expert and respond to any internal security engineering questions/requests.
Perform reactive incident response when a security event occurs.
Perform proactive research to detect new attack vectors.
Capabilities:
Experience as a developer, ideally with PHP, Python, or Node.js.
Relevant Certifications [CEH, OSCP, GIAC (GPEN)].
5+ years of work experience in an application security role.
Excellent Spoken and Written English.
Knowledge of Agile Development processes.
Familiar with application security attacks and countermeasures.
Familiar with both automated and manual assessment techniques.
Comfortable explaining technical vulnerabilities and risks to both technical and non-technical audiences.
In-depth experience identifying and protecting against web application vulnerabilities.
Experience with various application and infrastructure security tools and products (Burp Suite, Fortify, IBM AppScan, WebInspect, Nmap, Nessus, or OWASP ZAP).
Strong knowledge of browser security model, mobile app security, cryptography and network security.
Experience with security tools for static analysis, dynamic analysis, penetration testing, intrusion detection.
Systems Security Engineer
The Systems Security Engineer will implement and monitor security measures for the protection of computer systems, networks and data.
Job Responsibilities:
Conduct user account audits across various systems.
Conduct network vulnerability scans.
Document Server hardening guidelines.
Perform firewall policy audits
Proactively offer, deploy and monitor security solutions where the business dictates.
Patching and upgrades of all security systems and services where applicable
Perform periodic penetration testing.
Conduct Wireless Security Assessments.
Investigation of HIDS, SIEM, and other automated alerts.
Ensure PCI compliance status of network devices and servers.
Assist in annual PCI recertification efforts.
Capabilities:
Excellent Spoken and Written English.
Familiar with security products such as Nessus, OSSEC, Metasploit, nmap, Fail2Ban, Fortigate, OpenVPN, and Wireshark.
Excellent understanding of Linux operating systems.
Minimum 3 - 5 years of experience in Network and Systems Security.
Good Knowledge in Intrusion Detection/Prevention Systems.
Good Knowledge of IPSEC VPN tunnels.
Good Knowledge in Firewall concepts.
Good Knowledge in SIEM.
Experience in OS Hardening including Windows and Linux.
System Admin/ DevOps background.
Docker container configuration and security
Professional security management certification: CISSP preferred
GRC Security Engineer
The Governance, Risk, and Compliance Engineer is responsible for assessing and documenting aCommerce's compliance and risk posture as they relate to its information assets. This position is also responsible for oversight and coordination of third-party security assurance, policy documentation, and security awareness training.
Job Responsibilities:
Create required Security Policy documents
Review security components of legal contracts, Statements of work, and other contractual documents
Complete third-party security due diligence questionnaires.
Provide New Hire Orientation and deliver periodic Security Awareness Presentations.
Assist in annual PCI certification efforts.
Coordinate with the Infrastructure teams to audit ID Badges, physical access controls, and CCTV deployments.
Improve Security Awareness posters and signage displayed in all offices.
Security Software Acquisition/Renewal.
Actively involved with Disaster Recovery and Business Continuity Planning.
Capabilities:
Excellent Spoken and Written English.
Must have a good grasp of legal terminology.
Experience performing information security audits or risk assessments
Familiarity with security auditing processes
Knowledge of information security risk management frameworks and compliance practices.
Experience in ISO27001, PCI DSS, and Thai Cyber Law Crime Act.
Professional security management certification: CISSP or CISA preferred.
Personal Attributes:
Ability to conduct research into a wide range of security issues as required.
Ability to absorb and retain information quickly.
Ability to present ideas in user-friendly language.
Highly self-motivated and directed.
Keen attention to detail.
Proven analytical and problem-solving abilities.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Exceptional customer service orientation.
Experience working in a team-oriented, collaborative environment.
Benefits:
Group health insurance and life insurance
Free lunch every day
Daily 15-minute Thai Massage
Work from home 1 day per week
Vacation leave 14 days per year
Leave for marriage, priesthood, bereavement and parental leave
aCommerce (Platform Development)
689 Bhiraj Tower, 33rd Floor, Sukhumvit Road, Klongton Nua, Wattana, Bangkok 10110, Thailand