Description
Ciklum is looking for a Senior Web Security Engineer to join our team full-time in Romania.
We are a custom product engineering company that supports both multinational organizations and scaling startups to solve their most complex business challenges. With a global team of over 4,000 highly skilled developers, consultants, analysts and product owners, we engineer technology that redefines industries and shapes the way people live.
About the role:
As a Senior Web Security Engineer, become a part of a cross-functional development team engineering experiences of tomorrow.
Client is the world’s number one integrated tourism business. Product and Engagement is a global team within Client responsible for the business delivery and operation of all E-commerce solutions. We are a multi-disciplinary team of experts across Digital Marketing, Digital Product, Digital Experience & DX, UI, SEO and Optimisation & Analytics, providing services across the UK, Ireland, Sweden, Norway, Denmark, Finland, Germany, Belgium and the Netherlands.
We never stop looking ahead, seeking new ways to delight our customers and grow our business. We recognise the power of digital and the massive contribution this brings to creating a truly unique and differentiated customer experience.
We are looking for a talented Senior Security Engineer to join the Security Platform team, which owns and maintains a unified and overarching CDN & WAF capability at Client for our digital services. You will be working alongside the Security Practice team which provides solutions, consultancy, education and guidance across the Product & Engagement area. The team’s focus is to drive forward maturity in developing secure software components and products.
This a great opportunity to join a team of innovative and passionate people, working with other practice teams who are driving the development, operation and ongoing evolution of a new global cloud-based e-commerce platform, a fundamental and strategic element of our digital transformation.
The Senior Security Engineer is a practitioner and an advocate of state-of-the-art secure coding, secure design and security automation practices with a broad toolkit of technologies and methods and with a strong DevSecOps mindset, being able to tackle the whole software development cycle of designing, building, testing and deploying applications. Working in an agile environment and keeping up with the ever-evolving technical landscape the Senior Security Engineer is a lifelong learner and likes to think outside the box.
Responsibilities
- As a Senior Security Engineer, you will be part of a cross-functional team or a practice team that enables secure coding, secure design, and security automation skills and capabilities in domains. Being an enthusiast in information security, with a strong DevSecOps mindset, and thanks to your excellent collaboration skills you will support your team in delivering the best answers to our customers’ needs and in taking over full responsibility for its applications, from design to operation. With your advanced skillset for understanding and solving problems you are able to take full ownership of complex topics or multi-faceted initiatives and outcomes panning across your domain
- You will use your deep technical skills to create software products that are secure by default and work collaboratively with software engineers, cloud engineers and architects to ensure information security is considered throughout the design and implementation of software products and services
- You stay up to date with Client practices and foster a “security first” mindset. You work alongside engineering teams to understand the threat landscape, business requirements and to describe security risks and goals. You provide your team with tooling and automation to identify possible threats and vulnerabilities before they are promoted to production, thereby helping them to protect our customers’ data. You tackle the whole cycle of designing, building, testing and deploying software artefacts
- You take an engineering approach to solving security problems, selecting and guiding teams to use the right tools for the right jobs and thus solve the given business and technical problems in an efficient way. You show a commercial mentality, focusing on solving business problems in the best way
- You are able to verbalise your thoughts and ideas and take the initiative to translate ideas into outcomes. Together with the domain’s Practice Teams as well as the Group Enabler teams you also will research, evaluate and test new approaches, processes and tools and help teams to use them effectively. You are well-connected across the domain, within the broader Client community and relevant Communities of Practice
- You love to work in an international, multi-cultural team. You challenge constructively and have high expectations of yourself and others. You always drive for technical excellence, ownership and self-organisation at team and personal level. You regularly coach, guide and develop more junior colleagues. You love to learn and acquire new skills and keep up to date with latest developments in your focus areas
- You are responsible for the operation and constant security optimisation and adoption of Client’s Web Application Firewall infrastructure. You will be responsible for website performance optimisation and security using the full suite of Akamai tools. Furthermore, you work with global teams in the organisation to enhance their security posture
- Security is part of everyone’s job. At Client, we practise secure behaviours first in everything we do
Requirements
- Proficient experience in working with CDN and WAF solutions like Akamai or Cloudflare. Bot detection, DDoS protection, cache optimisation
- Deep knowledge and hans-on experience on Web technologies – RFC’s, request/response lifecycle, DNS, protocols, status codes, cookies, headers, proxies, certificates, browsers, caching, etc.
- Advanced experience in designing secure, highly available, distributed applications in an Amazon Web Services (AWS) environment. EKS, Lamdba functions, CloudFront, S3, API Gateways knowledge is preferable
- Ability to understand and analyse complex security events as well as adjust the resulting ongoing security profiles
- Monitoring experience – Datadog, Grafana. Trend analysis, deep investigation, issue tracking
- Experience in defining, planning, implementing, maintaining, and upgrading security measures, guardrails and controls for WAF and CDN
- Familiar with information security standards & practices and their practical implications
- Experienced in securing APIs, REST API and GraphQL API using AWS AppSync
- Deep automation skills, hands-on with some programming languages such as Python
- Advanced experience with CI/CD, preferably Gitlab CI
- Being customer centric, passionate about delivering great digital products and services
- Passionate about continuous improvement, collaboration and great teams
- Strong problem-solving skills coupled with good communication skills
- Understanding of social and ethical implications of software engineering
- Open minded, inquisitive, life-long learner
- Comfortable with ambiguity, highly autonomous
What's in it for you
- Care: your mental and physical health is our priority. We ensure comprehensive company-paid medical insurance and Mental Health programs. We also provide you with meal vouchers to fuel your mind and body
- Tailored education path: boost your skills and knowledge with our regular internal events (meetups, conferences, workshops), Pluralsight licenses, language courses and company-paid certifications
- Growth environment: share your experience and level up your expertise with a community of skilled professionals, locally and globally
- Flexibility: Own your schedule – you are the one to decide when to start your working day. Just don’t miss your regular team stand-up
- Opportunities: we value our specialists and always find the best options for them
- Our Internal Mobility Program helps change a project if needed to help you grow, excel professionally and fulfill your potential
- Global impact: work on large-scale projects that redefine industries with international and fast-growing clients
- Welcoming environment: feel empowered with a friendly team, open-door policy, informal atmosphere within the company and regular team-building events
About us:
Seize global opportunities by working with us!
Enjoy our robust experience in various domains, a caring attitude and incredible team spirit.
Together we will grow our business in Romania and globally!
Be bold, not bored!
Experiences of tomorrow. Engineered together
Interested already?
We would love to get to know you! Submit your application. Can’t wait to see you at Ciklum.
Apply
