We are seeking a mid-to-senior level Cybersecurity (Systems Security) Engineer to join our team in a part-time (or one-time visit per week) on-site capacity. The ideal candidate will have extensive experience securing web applications, mobile applications, cloud-based infrastructure, and microservices architectures. In this role, you will perform hands-on security assessments and testing, design robust security architectures, monitor for threats, and establish best practices to ensure our systems and applications are protected against evolving cyber threats.

Responsibilities

• Vulnerability Assessments & Penetration Testing: Conduct regular vulnerability assessments and penetration tests on networks, servers, web applications, mobile apps, and microservices. Identify security weaknesses and coordinate with development teams to prioritize and remediate findings.
• Secure Architecture Design: Design, review, and implement secure architectures for web, mobile, and microservices-based applications. Enforce strong authentication, encryption, access controls, and secure API communication.
• Microservices Security: Secure microservices environments by implementing security best practices in service-to-service communication (e.g., mTLS), API gateways, service meshes, identity and access management (IAM), and container security. Identify and mitigate risks related to inter-service data flow, misconfigurations, and exposed endpoints.
• Incident Monitoring & Response: Monitor security alerts and logs using tools such as SIEM or intrusion detection systems. Investigate and respond to security incidents by containing threats, performing forensic analysis, and documenting incident reports.
• Cloud Environment Hardening: Apply system hardening practices to cloud servers and infrastructure. Implement security configurations, patch management, network segmentation, and secure IAM policies on any major cloud provider.
• Secure Development & Deployment: Establish and enforce security best practices across the SDLC. Conduct code reviews, threat modeling, and integrate automated security testing into CI/CD pipelines.
• Security Policy & Training: Develop and maintain security policies and provide training to technical teams. Promote a security-first mindset within the organization.
• Risk Analysis & Improvements: Stay current on cybersecurity trends and threats. Continuously assess the risk landscape and recommend security improvements.

Qualifications

• Education & Experience: Bachelor’s degree in Computer Science, Information Security, or a related field. 5+ years of experience in information security or cybersecurity engineering, including web, mobile, cloud, and microservices security.
• Technical Skills:
• Proficient in penetration testing and vulnerability scanning using open-source tools such as OWASP ZAP, Wapiti, Nikto, and Metasploit Framework.
• Strong understanding of OWASP Top 10 for web, mobile, and APIs.
• Experience with microservices security, including securing REST/gRPC APIs, service meshes (e.g., Istio, Linkerd), and container orchestration (e.g., Kubernetes).
• Familiarity with DevSecOps practices and security in CI/CD pipelines.
• Comfortable with at least one programming/scripting language (Python, Java, Bash, etc.).

Preferred Certifications

• CISSP, CEH, OSCP (or equivalents)
• Other certifications, such as CISM, CRTP, and GIAC, are a plus.