Web Security Engineer
TrafileaJob Summary
Trafilea is a dynamic tech e-commerce group operating multiple direct-to-consumer brands in intimate apparel and beauty sectors. The Web Security Engineer role involves ensuring the security, integrity, and compliance of web applications and infrastructure by identifying vulnerabilities, implementing best practices, and collaborating with cross-functional teams. This requires proficiency in OWASP Top 10 vulnerabilities, web application architecture, security tools, and secure authentication mechanisms. Excellent problem-solving and analytical skills are necessary to identify root causes of security issues and communicate findings effectively. The ideal candidate will have hands-on experience integrating security tools into CI/CD pipelines and familiarity with cloud security, compliance frameworks, and scripting languages.
About Trafilea
Trafilea is a dynamic and innovative Tech E-commerce Group that operates multiple direct-to-consumer brands in the intimate apparel and beauty sectors, with a focus on using data-driven strategies to scale their businesses. In addition to our products, we have our own online community dedicated to promoting body positivity. As a rapidly growing global player, Trafilea is committed to creating high-quality products and services that enhance the customer experience and drive long-term growth. The mission of the Web Security Engineer is to ensure the security, integrity, and compliance of the organization’s web applications and infrastructure. This includes proactively identifying and mitigating vulnerabilities, implementing security best practices, and collaborating with cross-functional teams to embed security into every stage of the development lifecycle. The Web Security Engineer plays a pivotal role in safeguarding sensitive data and protecting against emerging threats.
Must-Have Technical Skills
• Proficiency in identifying and mitigating OWASP Top 10 vulnerabilities.
• Strong knowledge of web application architecture, including client-server models, APIs, and microservices.
• Experience with security tools such as Burp Suite, OWASP ZAP, and automated vulnerability scanners.
• Hands-on experience integrating security tools into CI/CD pipelines.
• Knowledge of secure authentication mechanisms, such as OAuth, SSO, and multi-factor authentication.
• Familiarity with common encryption standards and protocols (e.g., TLS, HTTPS, AES).
Must-Have Soft Skills
• Excellent problem-solving and analytical abilities to identify root causes of security issues.
• Strong communication skills for educating developers and reporting findings to stakeholders.
• Ability to work collaboratively across teams while maintaining a proactive approach to improving security.
Should-Have Technical Skills
• Familiarity with cloud security, especially in AWS environments.
• Experience with scripting and automation using Python, Bash, or similar languages.
•Knowledge of compliance frameworks and how they apply to web applications (e.g., GDPR, SOC 2).
