Description
Location: Remote (occasional meet-ups in London)
Job Type: Part-time / Contractor
Salary: Competitive, based on experience

About Me:
I specialise in delivering top-notch custom solutions for eCommerce and SaaS businesses. I take pride in safeguarding the integrity of client applications and customer data. As my workload expands, I am seeking a Security Specialist (eCommerce & SaaS) who has a deep understanding of web application security and can help ensure the safety and security of my clients' systems.

Job Overview:
You will be responsible for maintaining and enhancing the security of custom-built eCommerce platforms (e.g., Solidus, Ruby on Rails) and SaaS applications (e.g., Django, Sailor). This role comes with high responsibility, as your expertise will directly impact the safety of sensitive customer data and the overall integrity of the applications I manage. You will collaborate with my development team to ensure best practices are followed, vulnerabilities are mitigated, and compliance is maintained.

Key Responsibilities:
• Conduct thorough penetration testing and vulnerability assessments for custom eCommerce and SaaS platforms.
• Ensure PCI-DSS compliance for platforms handling payment transactions.
• Safeguard against common threats like SQL injection, XSS, CSRF, and data breaches.
• Implement and optimise secure coding practices and assist in securing payment gateways and sensitive customer data.
• Work closely with developers to integrate security controls into the development lifecycle of Ruby on Rails, Solidus, Django, and Sailor applications.
• Audit and harden web applications to prevent unauthorised access and data leaks.
• Provide security reports, actionable recommendations, and assist with incident response if security breaches occur.
• Regularly update security protocols in response to emerging threats and regulatory changes (e.g., GDPR, CCPA).
• Collaborate with other team members to ensure high-performance, scalable, and secure solutions for clients.
• Leverage your experience with Kali Linux for advanced penetration testing and security assessments.

Requirements:
• Strong experience with web application security, especially in Ruby on Rails, Solidus, Django, and Sailor.
• In-depth knowledge of eCommerce and SaaS security challenges.
• Solid understanding of web security principles and best practices.
• Experience in penetration testing and using tools such as OWASP ZAP, Burp Suite, Nessus, and Kali Linux for advanced security testing.
• Strong background in PCI-DSS compliance and related security measures.
• Experience with cloud security and multi-cloud architectures (AWS, GCP, Azure).
• Solid understanding of encryption, hashing, and secure data transmission protocols (e.g., SSL/TLS, HTTPS).
• Experience with securing API integrations, especially those involving third-party payment systems or sensitive data.
• Ability to conduct thorough security audits and provide clear, actionable feedback.
• Familiarity with securing containerised applications (Docker, Kubernetes) and modern DevSecOps practices.
• Exceptional attention to detail and the ability to work autonomously, especially in a fast-paced, results-driven environment.

Desired Certifications (Bonus):
• CISSP (Certified Information Systems Security Professional)
• CEH (Certified Ethical Hacker)
• CISA (Certified Information Systems Auditor)
• CompTIA Security+
• PCI Professional (PCIP)
• AWS Certified Security – Specialty
• Certified Cloud Security Professional (CCSP)
• Offensive Security Certified Professional (OSCP)

Why Work With Me?
• Remote work flexibility: Work from anywhere in the world, with occasional meet-ups in London.
• Performance-based success: Your performance will be measured by the success and security of my clients' applications. Success is the only option.
• Experienced team: Work with a team that is already well-versed in web security, contributing to high-impact projects.
• Growth opportunities: Work on diverse, challenging projects and hone your security expertise.

How I Measure Success:
Success in this role is defined by how well you secure my clients' web applications and safeguard their customer data. Your ability to identify vulnerabilities, implement proactive measures, and stay ahead of emerging security threats will be key to your success.