SUKU is seeking an Information Security Engineer specializing in web application security and hands-on security architecture for our agile blockchain startup. You’ll work closely with our CTO and tech team to establish and uphold security standards across various technologies, contributing to the development of mobile apps, web apps, and blockchain solutions. This role is pivotal in implementing and managing advanced security measures to protect our organization’s infrastructure from evolving cyber threats.

Key Responsibilities

• Web & Application Security: Secure web applications by implementing best practices, conducting architectural reviews, and designing security enhancements.
• Financial Payment Security: Strengthen security in FinTech applications, including payments, money transfers, and cryptocurrency services.
• Security Architecture: Design and implement secure system architectures aligned with industry standards and regulations.
• SIEM & Monitoring: Deploy and manage SIEM solutions, fine-tune alerts, and establish effective logging strategies to detect threats.
• Vulnerability Management: Perform regular security assessments, penetration tests, and work with teams to remediate risks.
• Incident Response: Lead investigations, containment, and recovery efforts, maintaining and improving response playbooks.
• Compliance & Auditing: Support audits, ensure regulatory compliance, and help enforce security policies and standards.

Qualifications

• Professional Experience: Minimum of 5 years of hands-on experience in information security engineering, with a focus on SIEM management, vulnerability assessments, and incident response.
• Technical Proficiency: In-depth knowledge of security technologies such as firewalls, intrusion detection/prevention systems, endpoint protection, and encryption methods. Proficiency in scripting languages (e.g., Python) for automation purposes.
  • Hands-on web application security experience:
    • Understanding of XSS, CSRF, OWASP Top10
    • Expertise with access control, RBAC, IAM
  • Hands-on experience with industry-standard SIEM platforms such as Splunk, IBM QRadar, or Elastic Stack (ELK).
  • Familiarity with IAM frameworks, e.g. Okta, Auth0
  • Hand-on experience with key management tools like AWS KMS, HashiCorp Vault
• Financial Background: Knowledge of banking and financial applications, including but not limited to online banking software, money transmitter services, etc.