Information Security Engineer
ProgressSoft Corporation
full-time
Posted on:
Location: 🇯🇴 Jordan
Visit company websiteJob Level
Junior
Tech Stack
CloudJavaSDLCSpring
About the role
- We are looking to hire an Information Security Engineer who will work closely with developers, DevOps, and infrastructure teams to enhance the security of our products and platforms.
- Responsibilities:
- Perform application security reviews, including Java code review, threat modeling, and vulnerability assessments.
- Identify and remediate security vulnerabilities in web, API, and mobile applications, with a focus on OWASP Top 10 risks.
- Collaborate with developers to integrate security best practices into the SDLC and CI/CD pipelines.
- Conduct penetration tests and manage third-party security assessments.
- Develop and enforce secure coding standards for Java and related frameworks.
- Support automation of security testing tools (SAST, DAST, SCA).
- Implement and maintain security controls across servers, cloud environments, and networks.
- Support vulnerability management, patching, and configuration hardening.
- Monitor for security threats, investigate incidents, and support incident response.
Requirements
- Minimum 1 year of professional experience in security (application or infrastructure).
- OR relevant certification such as OSCP, OSWE, or equivalent.
- Strong understanding of application security principles (OWASP Top 10, secure coding, threat modeling).
- Familiarity with tools like Burp Suite, OWASP ZAP, SAST/DAST scanners, etc.
- Excellent problem-solving skills and ability to communicate technical findings clearly.
- Nice-to-Have:
- Familiarity with Java-based applications and common frameworks (e.g., Spring).
- Experience with DevSecOps and CI/CD pipeline security.
- Familiarity with infrastructure/cloud security.