Sorry, this job is no longer available.
loading...

(Loading More Opportunities)

Security Engineer


Xneelo is a web hosting company of approximately 350 people, with teams in Cape Town (head office), Johannesburg, as well as Canada, Ukraine and India. We see ourselves as business enablers, stimulating the economy by helping the business mass market to interact and transact online.






Our security engineers make sure that the data of xneelo and her customers is protected. A large scale, mass-market hosting infrastructure is a complex beast requiring security automation and processes to make sure it can scale and perform securely, 24 x 7 x 365. The security team at xneelo looks to the security of the IT, OT, software and cloud infrastructure as a vital component of being trusted in hosting.  




We are passionate about frequent, iterative delivery of high-quality software and aim to build lasting solutions using Agile principles and the latest technology available. The security team at xneelo is a key part of this process.



We work together in autonomous teams that take full responsibility for their own part of the xneelo ecosystem and require an understanding of the Agile development philosophy. The security team owns some of the security related components of the ecosystem and consults with teams to ensure that systems they own are secure by design.



Locations: Remote or Cape Town, South Africa.

Timezones: UTC to UTC+3



Responsibilities


The ideal candidate will come from a software development process in order to appreciate the security pitfalls of software development and how to speak dev.


Build and support systems providing security features such as firewalls, authentication and secrets management


Provide subject matter expertise on architecture, authentication and system security


Performing security reviews of new and existing services (IT, OT, Cloud and Software)


Liaising/Consulting internally with teams on security findings to solve vulnerabilities


Solving interesting and large scale backend technical challenges that affects security


Monitor application and audit logging for security anomalies


Automation of security anomaly detection and alerting


Participate in forensics of security incidents


Looking for opportunities to innovate and optimize our security solutions


The strengths and experience we’re looking for:

Excellent communicator, both verbal and written


Gets on well with people and knows how to have candid, “clear and kind” conversations


Fast learner who knows how to say “I messed up” and “I don’t know, please help”


Understands the security risks and mitigations through all the OSI layers


Gets the difference between “done” and “97% done” and the potentially significant costs of the latter


Strong networking skills


Excellent multi-tasking skills


Cool under pressure


No compromise attitude towards system security and stability


Is a servant leader


Self-motivation and self-management


Life-Long Learning


You probably have a passion for:

Thinking like a hacker & incident responder by diving into the security details of the software you’ve built or use


Keeping abreast of industry security news and developments


Zero trust design in networks and software


Multi layered security design


Programming, open-source Technologies and IT in general


Optimal systems and simple procedures


Agile development and a self-organizing team environment


Sharing ideas and innovation



Technical Requirements

Design & development of backend software and APIs


Object-oriented programming using a language like Ruby (equivalent will be considered)


Software development within the Linux/Unix environment


Software development using a containerization platform like Docker or Kubernetes


Agile development practices (team focus, continual improvement, automated tests, refactoring, continuous integration, pair programming


Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)

Code quality reviews

Proactively identify and reduce security risks


Find and remove outdated and vulnerable code and code libraries


Git version control



Qualifications

BSc or BTech majoring in Computer Science will be advantageous, however, your ability to demonstrate your track record of security systems is what ultimately counts


A minimum of 4+ years of software development experience


Minimum of 2 years supporting a large scale application in an operational capacity


Minimum of 4+ years in a similar position



Desirable Skills and Experience

Security related security certifications such as CISSP and OSCP


Experience with Kubernetes or other container orchestration platforms


Understanding of database design (MySQL, Redis, etc.)


Familiarity with ElasticSearch


Experience with DevOps on a linux based platform


Experience with system administration on a linux based platform


Ruby software development experience preferred


Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP


Implementation and management of infrastructure and service monitoring systems


Exposure to secrets management solutions


Cloud Infrastructure as a service


Infrastructure automation such as Cloudformation, Ansible and Puppet


Network and host based security solutions like Palo Alto, Fortinet, Cisco or Cloudflare      




At xneelo, our sincere desire is that our team members are inspired by their success and able to operate with a high level of discretion and autonomy guided by our principles and values. We hope this appeals to you and look forward to hearing from you.



Company
xneelo
Posted
08/01/2022
Location
Cape Town, WC, ZA