ISM eGroup is a global player when it comes to innovative eCommerce solutions with offices in the USA, the Netherlands, England, Ukraine, Germany, Singapore, Australia and Sri Lanka.

ISM APAC (Pvt) Ltd in Colombo, Sri Lanka has over 165+ employees with whom we build innovative eBusiness solutions. We focus on software development, technical support and consulting services.

Sana Commerce has a global product team with members from all over the world. We are transitioning to a SaaS company and with that, migrating our product to a cloud-native SaaS solution.

As a Senior Security Engineer, you will be developing and implementing security standards, practices and protocols for our Sana Cloud infrastructure, help to achieve compliance with common security standards in the e-commerce domain, support our team of network specialists with consultancy on security related topics and if (or when) ‘stuff’ hits the fan, you will identify and draft a RCA plus subsequent recommendations to management.

You are determined to distinguish relevant security priorities, have a keen eye for potential vulnerabilities and suspicious irregularities in systems, are able to clearly communicate your findings and have no problems consulting on calls with 3rd parties and/or customers.

• A degree in Computer Science, IT or a related discipline
• Certifications in Cisco (CCNA/CCNP), MCSE and preferable also in Azure technologies (AKS, LB)
• Excellent understanding of the TCP/IP stack
• Extensive knowledge of Linux based systems
• Hands-on experience with Kubernetes clusters
• More than five years experience in maintaining enterprise infrastructure (Cloud, Network and Systems)
• Experience in setting up IT Governance
• Good understanding of distributed system design, network and systems architecture
• Able to collaborate with a globally distributed team of engineers using industry standard collaboration tools
• Significant knowledge and experience designing, building and operating security technologies and processes that cross devices, applications, networks, data and users.
• Ability to collaborate with internal teams to build and deploy security technologies, standards, and processes
• Strong experience in web application security issues, standards, and best practices (ex. OWASP)
• Information security related certifications and product-specific certifications CISSP, LPT, CHFI, CEH, CompTIA, ITIL and CCNA Cybercops, preferred
• Experience working with compliance to standards and regulations such as ISO 27001

Experience performing white/black box penetration tests and assisting in resolving any discovered vulnerabilities