logo

Senior Security Engineer

Tehran | Engineering | Full-time

As a Senior Security Engineer at Sotoon, you will help ensure that our software and systems are designed and implemented to the highest security standards. You will perform technical security assessments and vulnerability testing to highlight risk, helping Sotoon teams to improve security. You will also work closely with other Sotoon Engineers to design and build proactive methods to enhance our security posture. You must be willing to work on various software designs and technology stacks.

 

Requirements

  • Holding BS in CE, CS, Math, or having related equivalent experience
  • 3+ years of proven experience as a Security Engineer or a similar role, preferably in a cloud or SaaS environment.
  • Hands-on experience conducting penetration testing and vulnerability assessments using industry-standard tools and frameworks.
  • Proficiency in automating security tests and processes using scripting languages such as Python, Golang, or Shell.
  • Effective communication and collaboration skills, with the ability to work closely with cross-functional teams.
  • Excellent analytical and problem-solving skills, with meticulous attention to detail.
  • At least 5 of the skills below are required: 
    • Knowledge of web application exploitation methodologies
    • Ability to independently research new vulnerabilities in our products
    • Initiating security incident response, including tracking and recovery actions
    • Ability to tune rules, filters, and policies for detection-related security technologies to improve accuracy and visibility
    • Ability to investigate a wide variety of events from various sources to determine whether they pose a threat to Sotoon
    • Strong knowledge of containerization technologies such as Kubernetes and Docker.
    • Familiarity with bug bounty programs and experience in reviewing and validating reported vulnerabilities.
    • Knowledge of blue-teaming and incident response in cloud based environment
    • Strong knowledge of network security protocols, encryption technologies, and authentication methods.
    • Familiarity with cloud security principles and best practices.
    • Knowledge of secure coding practices, security frameworks (such as OWASP), and secure software development lifecycle (SDLC).

Responsibilities

  • Conduct penetration testing to identify vulnerabilities in our systems and infrastructure.
  • Develop and maintain automated testing frameworks and tools to ensure the security of our applications and services.
  • Review and validate bug bounty reports, ensuring the timely resolution of identified vulnerabilities.
  • Collaborate with cross-functional teams to assess and address security concerns in the development lifecycle.
  • Implement security measures and best practices to safeguard our private cloud infrastructure.
  • Monitor and respond to security incidents, conducting thorough investigations and implementing remediation strategies.
  • Stay updated with the latest security trends, vulnerabilities, and industry best practices, and share knowledge with the team.
  • Provide security training and awareness programs to educate employees on security best practices.

Benefits

  • Supplementary health insurance for you and your family (supports most treatments, including psychotherapy).
  • Competitive salary with regular promotion opportunities.
  • Reimbursement for educational courses, internet, and even programs for self-development. (like art classes or learning a new language, etc.)
  • Flexible working hours, including remote work opportunity.
  • An exciting work environment with talented colleagues and an open environment for new ideas.
  • We provide everything you need to work comfortably, such as laptops, equipment for remote work, etc.
  • Various on-site meals and snacks.