Company Profile:

Programmers Force is a product-driven software company that excels in the field of Artificial Intelligence and Machine Learning since 2016. The company was founded by a team of visionary entrepreneurs that led its operations under software development, data science, DevOps, system architecture, big data processing, and blockchain-based applications development. We take pride in our diversified workforce with talent coming from top institutions of Pakistan and abroad. Our vision is to create innovative and intelligent business solutions through the development of smart web & mobile applications with a mission to support global industries in their day-to-day business challenges. Our specialised teams possess tacit knowledge of high-tech systems that enables us to tap businesses from more than 200 countries worldwide. This is just the beginning for us! We are in search of talented candidates with technical expertise who can add value to our fast-paced and work-intensive environment.

Tack of Programmers Force:

Not only the way out but the best way out! No rather, no “one or two” but a must for all. Win-Win is the goal.

Job Description:

The Information Security Engineer is responsible for proactively maintaining Programmers Force information security systems, processes, and procedures to protect and preserve the confidentiality, integrity, and availability of all data and systems. This position will also drive company-wide support for security programs through the operationalization and documentation of all security-related tasks, working very closely with development & operations teams.

Roles & Responsibilities:

• Play a lead role in developing and designing Information security controls and standards

• Perform Information security design reviews against new products and services

• Track and prioritise all security issues

• Performs static/dynamic code testing, manual code inspection, threat modelling, design reviews, and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects

• Perform ongoing security testing and code review to improve software/ information security

• Perform application security vulnerability management  

• Facilitate and support the preparation of security releases

• Support and consult with product and development teams in the area of application security

• Assist in the development of automated security testing to validate that secure coding best practices are being used

• Build the security development training program to train developers on secure coding practices

• Identify security prospects of multiple solutions that help keep the organisation safe from threats

• Maintain knowledge of engineering next-gen designs, security trends, threats, and attack techniques.

• Building a comprehensive security program that includes physical safety and cybersecurity policies.

• Reviewing existing security measures and updating protocols as needed.

• Overseeing the daily operations of the company to identify potential security risks and room for improvements.

• Fostering a culture of physical and digital security awareness by conducting training sessions and communicating with personnel.

• Managing, evaluating, and resolving any physical or digital security incidents or breaches.

• Ensuring that the company's security policies comply with federal laws and legislations.

• Presenting risk assessments and improved security policies to management team members.

• Working with management to develop and implement an appropriate budget for security programs.

• Help teams with readiness for external assessments against industry standards and review programs/documentation for conformance.

• Evaluate and recommend new information security technologies and practices along with improvement in current infrastructure.

• Review Information Security Program including Policies, Standards, Guideline and Procedures.

• Review Audit Logs, Risk Assessments, Vulnerability Assessments and do Gap Analysis.

Education & Experience Requirements:

• Bachelor's degree in Computer Science, Software Engineering or related field or equivalent combination of education and experience

• Information Security (Confidentiality, Integrity and Availability, Physical and Logical Security)

• 7+ years of work experience in Information Security

• Experience with OWASP Top10, Burp Suite, ZAP, Kali Linux Acunetix, Netsparker System, NW and Application Security gap assessment

• Policies & procedures development

• Excellent written and oral communication skills

• Cryptography (Encryption, Decryptions Hashing algorithms, Key Management)

• Preferable CEH certification

• Preferably CISA certified

• Familiarity with industry standard security certifications ISO2001/ SOC2/ GDPR/ HIPAA/ PCI.

• Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP) Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), or Web Application Penetration Tester (WAPT) certification are preferred.