About the position
Moatable is a forward-thinking, user-focused SaaS company that is passionate about creating groundbreaking solutions and pushing the boundaries of what's possible. With a diverse and talented team, we foster a collaborative environment where creativity and out-of-the-box thinking thrive. Join us on our exciting journey and help shape the future of technology! Moatable operates several US-based SaaS businesses including Lofty and Trucker Path. Trucker Path is North America's most popular suite of applications for commercial over-the-road truck drivers. It helps users discover hundreds of thousands of truck-friendly locations, navigate confidently with reliable turn-by-turn truck navigation, source loads from one of the largest mobile load boards, and manage all their operations with a TMS platform that incorporates the entire ecosystem of offerings. Trucker Path's mission is to revolutionize the trucking and transportation industry, starting with the millions of truck drivers that represent this trillion-dollar industry. Featured in Forbes, TechCrunch, Wall Street Journal, and VentureBeat as one of the fastest-growing tech startups disrupting the freight industry, our technology provides over-the-road truck drivers with a safe, economical, and smart long-haul experience. We're proud to be the number one trucking platform with over one million active drivers that rely on our services. Our goal is to improve the lives of truck drivers and the efficiency of the $1T transportation industry through technology. We are looking for an Application Security Engineer to circumvent unintentional data loss, malicious cyber-attacks or potential data theft that would negatively affect our company.
Responsibilities
- Writing automated vulnerability and attack detection and interception scripts using Python, Bash or other scripting languages
- Managing security incidents: identifying and responding to security breaches, viruses, mining, ransomware, and trojans effectively
- Supporting development teams in designing secure solutions, setting up security-aware development process, advising on tooling and framework selection from security perspective
- Reviewing and auditing currently used tools and tech stack for security gaps
- Responsible for setting up IDS/IPS intrusion detection systems
- Responsible for writing scripts for WAF to intercept common attack behaviours
- Responsible for setting up SIEM system, rule design, detection script design, and analysing attack behaviours
- Responsible for daily security issues and vulnerability remediation on AWS cloud servers
- Responsible for penetration testing related tasks, leading a team to conduct penetration tests on the IT infrastructure, systems, and networks of the company and its subsidiaries and driving vulnerability remediation
- Responsible for guiding testers in general penetration testing work
- Responsible for collecting and assessing the impact of the latest disclosed vulnerabilities on the internet and promptly fixing them
- Responsible for security drills, blue team-red team exercises, and security awareness training
- Responsible for relevant documentation and evidence during compliance audits
- Responsible for setting up high and low interaction honeypots to lure and capture attack behaviours
Requirements
- Familiar with common programming languages, at least be able to understand C++, Java, Golang and other commonly used web programming languages, proficient in Python and shell scripting
- Master common security code practices, including but not limited to input validation, output encoding, secure transmission, and relevant experience
- Master data processing solutions, able to detect intrusions, determine impact ranges, and identify vulnerabilities through keen data analysis
- Familiar with penetration testing methods and processes, proficient in various penetration testing tools, such as web application vulnerability exploration and penetration testing, attacking and defending databases, operating systems, mobile terminals, etc.
- Master common static and dynamic scanning tools, penetration testing tools, able to quickly detect, confirm, and fix vulnerabilities, and understand common encryption methods
- Have a certain understanding of information security concepts, theories, and methods, love challenges, and be willing to engage in the information security industry; Master ISO27001 and SOC2 related certification processes in the field of information security
- Possess good professional ethics, as well as good oral and written communication skills
- Need to have a strong problem-solving ability, be able to work under pressure, communicate and provide feedback to all parties in a timely manner, and solve problems effectively
- Have a strong security awareness, need to have keen insights into security incidents, be able to perceive and collect security intelligence, and provide analysis to the entire company
A Smarter and Faster Way to Build Your Resume