Software Security Engineer

Responsibilities:

• Integrate security measures into software architecture from the start.
• Conduct security testing, vulnerability scanning, and code reviews to find flaws.
• Develop and implement solutions to fix vulnerabilities and build defenses.
• Train and consult development teams on secure coding.
• Help with responding to and resolving security incidents.
• Maintain technical security documentation.

Requirements:

• Candidate should possess a Bachelor of Science degree in Computer Science, Computer Engineering, Cybersecurity, or Mathematics (with a focus on cryptography) with a focus on one of the following courses or focus areas: Cryptography (symmetric & asymmetric), Hash functions, digital signatures, key management, Network security, and secure protocols.
• Hash Functions (SHA‑2, SHA‑3) For tamper-evident audit logs
• Digital Signatures (Ed25519, RSA, ECDSA) Non-repudiation, signing logs or events
• Public Key Infrastructure (PKI) Key generation, storage, verification, certificate management
• Secure Key Management: Protect private keys, rotation policies, and secure storage
• Cryptographic Libraries Practical implementation using libs like OpenSSL, BouncyCastle, libsodium
• Encryption (AES, TLS) for protecting logs at rest and in transit
• Random Number Generation & Entropy ensure cryptographic operations are secure
• Security Protocols: TLS, HTTPS, JWT, OAuth, HMAC
• Threat Modeling: Identify risks in tamper-evident logging and non-repudiation

Practical Experience:

• Implementing digital signatures and hash chains in production systems
• Designing tamper-proof or non-repudiable logs
• Working with secure authentication systems
• Familiarity with compliance standards (HIPAA, PCI-DSS, GDPR)
• Experience with SaaS integrations for audit or timestamping (e.g., CertNode, blockchain-based solutions)

Certifications (Optional but Valuable):

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Encryption Specialist (EC-Council)
• Practical Cryptography Certifications (e.g., Stanford/EdX Cryptography courses)

Soft Skills:

•  Attention to detail — small mistakes in crypto break security
• Strong problem-solving and debugging skills
• Ability to explain complex crypto concepts to backend engineers or auditors
• Familiarity with regulatory compliance and audit processes