  • Posted: Aug 18, 2017
    Deadline: Not specified

    Entersekt is an innovator in push-based authentication and app security. The company’s one-of-a-kind approach harnesses the power of digital certificate technology with the convenience of mobile phones to provide financial services companies and their customers with full protection from online fraud. Built on open technologies for high availability, sc...

    Software Security Evangelist | Software Engineering

    Job description

    Entersekt’s Software Engineering team believes we can make the online world a safer place to transact. Software security should be built into products from the start as opposed to retrofitting it afterwards. To accomplish this, we need the help of someone who can influence our development teams and product owners to keep security front of mind.

    The ideal candidate

    We think the person that will fit this role looks something like this: You started computer programming at an early age and built a track record around that in its own right. Somehow, you found yourself drawn to all things software security, and at some point, you made a decision to focus on that. Today, you spend a lot of your time practicing ethical hacking; it may even be your day job. If you’re honest with yourself, you talk too much about security-related subjects, listen to too many security podcasts, and struggle to look past developer ignorance or apathy around security.

    The role

    In this role, you will report to the VP of Software Engineering. You will not be a traditional member of any of our Agile development teams (i.e. you’ll be ‘outside of sprints’), but will collaborate with all teams by attending their Agile ceremonies such as sprint planning and grooming meetings. You will meet often with product owners and other business stakeholders to help them identify and clarify software security requirements. You will drive software security roadmap items up the value chain and create specifications to facilitate security robustness and best practice. Entersekt has a Software Architecture Evangelist to look after architecture; you will complement his efforts by looking after software security.

    The role will require a fair amount of research on security trends and building of prototypes to prove security concepts. You will be expected to be the first to know about new Common Vulnerabilities and Exposures (CVE) additions (i.e. publicly known cyber security vulnerabilities). You will also perform penetration testing on our mobile and back-end systems.

    Although you will be expected to be the biggest influencer for the use of security patterns, you will not have the authority to dictate it. You are an evangelist who gets people on board through sheer technical respect and influence. Technical design authority will sit with the teams whereas product priority and business requirement authority will sit with the product owners. This is to avoid the ‘security man says no’ syndrome and to be more in line with the values of devsecops.org.

    Responsibilities

    • Periodic auditing of existing systems and providing improvement recommendations (i.e. almost in line with what penetration testing companies do, but on an ongoing basis)
    • Flagging of existing systems that become affected by newly discovered vulnerabilities (either manually or via some tooling) and working with product owners to schedule fixes
    • Periodic auditing of existing code
    • Participating in developer code-reviews to ensure security robustness of new code
    • Recommending tools or solutions which assist in identifying and mitigating security issues

    Entersekt is a leader in our domain, with a global presence, so we set the bar quite high in terms of the requirements for this position. The more of the following you can offer, the better suited you will be for the position:

    Technical skills and experience

    • 10+ years’ object orientated development experience
    • Experience with the use of penetration testing tools (e.g. Metasploit)
    • Experience with network traffic analysis (e.g. Wireshark, tcpdump)
    • Well versed in methods to prevent attacks (e.g. input validation, privilege separation)
    • Well versed in methods to detect attacks (e.g. honeypots, IDSs)
    • Good network protocol knowledge (e.g. DNS, IP, TCP, DHCP, HTTPS)
    • Solid understanding of networking and cloud systems (e.g. AWS, Azure, Google Cloud Platform)
    • Solid understanding of Linux and container systems (e.g. Docker)
    • Knowledge of PKI, TLS, OpenSSL, and Java cryptography
    • Knowledge of mobile phone exploitation techniques
    • Awareness of social engineering techniques
    • Experience with vulnerability scanning tools (e.g. BlackDuck)
    • Experience with Agile development frameworks like Scrum

    Personality attributes

    • Healthy self-esteem – you will be challenged by some bright minds on a regular basis and they may reject your ideas
    • Good communication skills – you will need to explain your ideas to teams and business stakeholders
    • Ability to get things done – we don’t like micro-management, but we expect you to do the right thing
    • Tendency to think outside the box – innovation is highly valued at Entersekt
    • Aptitude to keep abreast of security trends

    Location: Stellenbosch, Technopark, Cape Town

    Method of Application

    Applicants should send their CV to [email protected]. If you have not received a response within three weeks, please consider your application unsuccessful.
