Security Engineer

Insider

Meet Insider, the first integrated Growth Management Platform (GMP).

Insider Growth Management Platform (GMP) helps digital marketers drive growth across the funnel, from Acquisition to Activation, Retention, and Revenue. Leveraging real-time predictive segmentation powered by deep Artificial Intelligence and Machine Learning capabilities, Growth Management Platform empowers marketers to deliver personalized journeys across the web, mobile web, mobile apps, and ad channels. Built on a unified data layer, GMP is easy to implement and simple to use, avoiding the need for complex integrations and dependency on IT teams. Insider simplifies the life of digital marketers and helps them drive growth for their brands, with zero marketing waste.

Our engineers and developers are constantly harnessing the full force of the digital world to make a great impact, nurturing their work with innovation and shipping like artists to create beautiful and smart products. The product development and the technical team is located in Istanbul. Currently, we are running 450+ servers on an average, 2.2 Billion requests, and sending 200 Million push notifications per day. In predictive we have accomplished to capture more than 100 TB of historical data. We also successfully reached 25% of the global population.

Security is in the foundation of our customer’s trust in Insider. 

In this role, you will grow our software security program that facilitates security being baked into all of the products and infrastructure built at Insider. 

The responsibilities are a blend of security engineering and software engineering. 

If you’re a security engineer who wants to make the dream a reality, this is a great opportunity for you to have an impact across an entire engineering organization and support a world-class software security program.

Responsibilities:

• Perform web, mobile application, and internal penetration test, source code reviews, threat analysis, social-engineering assessments
• Conduct Security Audits 
• Monitor security tools and take action in response
• Answer security questionnaires of customers
• Support monitoring, testing, and troubleshooting of cybersecurity issues.
• Implement controls for information security compliance programs
• Maintain and compose operational process documentation regarding program execution
• Stay up to date with the latest methods for ethical hacking and testing

Demonstrate fundamental level knowledge in three or more of the following:

• Hands-on experience in security testing of Web applications, Web service, Mobile applications, APIs, etc.
• Vulnerability assessment, penetration testing, and remediation activities,
• Conducting penetration tests of information systems using commercial and open-source exploitation tools.
• Good understanding of standard security vulnerabilities and common remediation as published by OWASP, SANS, etc.
• Experience working with secure coding methodology and best practices and their implementation within engineering teams.
• Support developers of our business units in their SDLC and provide guidance regarding mitigations to emerging threats
• Review application source code based on static application security testing tools
• Create security policy, standards, procedures and guidelines for engineering,
• Experience implementing controls for information security compliance programs including PCI, ISO 27001, CSA Star and SOC 2
• Performing IT Security compliance reviews on related systems, applications, databases, network appliances, and SIEM tools
• Review information security procedures, controls, and related evidence with Key Stakeholders for completeness
• Read and analyze global security policies and adjust internal requirements accordingly
• Risk management and mitigation strategies,
• Engaging in security research to remain current on vulnerabilities and testing tools.
• Creating detailed, professional documentation/reports that clearly communicate vulnerabilities, mitigation strategies, and remediation steps.
• The ability to work on multiple projects concurrently and be committed to providing exemplary customer service.
• Experience with obtaining access through spear-phishing

These Qualifications Would Be Nice To Have:

• Python, Javascript, PHP programming experience is a plus,
• Knowledge in scripting (any language) and experience in automation scripts for application security testing,
• Familiarity with cloud security, particularly AWS Security concepts,
• CEH, eWAPTx, OSCP and other certifications desired but not required,
• Ability to work in a team-centric environment,
• Strong critical thinking and analytical skills,
• Experience drafting technical manuals, installation manuals, procedure outlines, and incident response plans in order to enhance system security documentation,
• Experience executing white, gray or black box security posture assessments and complete detailed reports that outline the findings and recommendations,
• Ability to work with internal and external stakeholders at all business levels,
• Understanding of privacy and data protection laws (CCPA, GDPR, GLBA Privacy and Safeguards Rules)
• Track record of developing and maintaining high-quality internal policy and procedure documents
• Strong presentation, written, and oral communication skills.

Insider is a Sequoia backed technology company with offices in London, Singapore, Tokyo, Hong Kong, Seoul, Sydney, Helsinki, Barcelona, Dubai, Moscow, Warsaw, Taipei, Jakarta, Istanbul, Kiev, Ho Chi Minh City, Bangkok, Ankara and Kuala Lumpur. Insider was listed as one of Europe’s 100 Hottest Startups by WIRED Magazine and won Red Herring Top 100 Europe in 2017. CrunchBase has recently ranked Insider’s co-founder and CEO Hande Cilingir as one of the top three women CEOs outside of the US.

Some of the most prestigious Fortune 500 companies and top brands in retail, automotive and travel across the globe use Insider to deliver AI-backed personalized experiences. Helping world’s leading brands grow beyond the speed of customer expectations, Insider is trusted by over 600 businesses across various industries including UNIQLO, Singapore Airlines, Tokopedia, Virgin, New Balance, Nissan, Samsung, Puma, Newsweek, Media Markt, AVIS, Allianz, BBVA, Dominos, McDonald’s, Avon and CNN.

Insider is a value-driven company and we provide equal opportunity in a  zero-discrimination workplace. Insider not just welcomes but also embraces diversity. Therefore, all qualified candidates will be considered without regards to sex, race, color, nationality, religion, gender identity, sexual orientation, disability status, citizenship or marital status. Lastly, Insider will provide all necessary arrangements for eligible individuals with disabilities.