Security Engineer

About Us

At Bazaar, were on a mission to build an operating system for traditional retail in Pakistan, that creates opportunities for retailers, suppliers, and workforce across the country. We are continuously working towards cultivating an environment that inspires, empowers, and challenges each individual as they take on this road to self-discovery.

We are eager to build the most diverse and creative team - celebrating differences and learning from each other.

About the role

As a Security Engineer, you will be extending, testing and validating threat detection and response capabilities across Bazaar. You should have the right technical depth, security intuition, and entrepreneurial spirit. You will use your security knowledge and strong engineering skills to build and sustain innovative solutions and platforms which enables Bazaars Security Engineering to quickly identify, mitigate and respond to abuse and intrusion.
As a Security Engineer, you will:

• Establish goals and track related metrics for vulnerabilities, including vulnerability discovery, classification and resolution time objectives
  Perform penetration testing, document results and remediation efforts for status reports
• Architect and build tools for threat detection, forensic automation and security response
• Develop incident prediction, management & mitigation process
• Enhance the security incident response by providing data and queries to responders
• Use your security background to derive security insights from our data
• Contribute directly in Software development and DevSecOps to help Bazaar enable Security by design
• Analyze logs and application metrics to detect vulnerabilities and threats
• Develop secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities
• Be a subject matter expert and ambassador to Bazaar Engineering for secure coding practices, penetration testing, mobile platform security and all aspects of application and product security
  You will also have the unique opportunity to explore other areas of software development like backend, devops, security, web frontend, scripting and more.

Technical Skills Required:

• Unit Testing (and other kinds of testing including Component, Integration and Contract testing)
• Experience with at least one high-level programming language (e.g., Kotlin, Java) and at least one scripting language (e.g., Python, JavaScript, Bash)
• Knowledge in Software Architecture and Design concepts
• Knowledge (and preferably hands-on) managing Web Application Firewalls
• Knowledge (and preferably hands-on) using Open Source penetration testing tools, including Metasploit or the Kali Linux tool set
  Knowledge of open security testing standards and projects, including OWASP and the MITRE ATT&CK Matrix
• Decent knowledge in Linux and *nix System
• Working experience in any major cloud platform (e.g. Google Cloud or AWS)
• Knowledge (and preferably hands-on) of APM tools (e.g. NewRelic, Prometheus+Grafana)
• Basic DevOps stuff (including Kubernetes, IAC, Docker)
• Experience with distributed logging platforms (e.g ELK stack)
• Knowledge (and preferably experience) of Microservices and distributed software architecture
• Incidents management and mitigation

Skills Required:

• 2+ years of solid experience in software engineering
• Prior experience building a security analytics, intrusion detection or abuse detection platform would be preferred
• Self-starter, 100% ownership and unshakeable enthusiasm
• Strong communication and interpersonal skills
• Should possess strong willingness to get hands dirty (literally), get stuff done and strong work ethics
• Has relentless focus, strong prioritization skills, and the ability to multitask while working in a highly charged environment

What We Offer:

• A culture that empowers you everyday to take charge and deliver outstanding results
• A power-packed team that develops you to be the best version of yourself
• An opportunity to explore new avenues, break down barriers and execute on own ideas with complete autonomy
• Rewards based on merit and a flexible work environment with an unlimited leave policy
• A healthy compensation, insurance, and stock options plan to take care of yourself and your families

At Bazaar, we respect and accept our colleagues as they are. We are an Equal Opportunity Employer promoting diversity in all its forms (thought, culture, gender and background). Any kind of discrimination is not only condemned but a punishable offense for the company.
We would encourage you to shoot your shot, dream big and apply away, even if your confidence makes you feel otherwise. We acknowledge Imposter Syndrome as a persistent impediment to career growth and we would not want to lose a candidate like you.