Avertra Corp

Security Engineer

Avertra Corp · Amman, Amman, Jordan

IT Services and IT Consulting · 201-500 employees

5 d ago
Senior (5-10 yrs) Full-time Jordan
Log in to apply, save this posting, or score it against your profile with AI.

About the role

Build and maintain runtime, detection, and application security layers to achieve SOC 2 and PCI DSS 4.0 compliance. Own security design, vulnerability management, and the production of audit evidence for the Azure/AKS platform.

What they look for

Application Security Testing Detection Engineering Vulnerability Management Azure Security Kubernetes Security SIEM SAST/DAST SOC 2 Compliance PCI DSS 4.0 WAF Tuning TypeScript Node.js React Network Security Incident Response Cloud Security

Requirements

Requires 4-7 years of experience in security engineering or DevSecOps with deep technical expertise in Azure, Kubernetes, and security scanning tools. Must be proficient in SIEM detection engineering and have a strong grounding in OWASP Top 10 and API security.

Full description

Avertra's mission is to Simplify Life — automating complex decision-making for customer-centric industries including Utilities, Financial Services, Logistics, and Commerce, while directly improving the employee and customer experience.

What We Promise You:

  • A global family building a sustainable, scalable ecosystem guided by logic and empathy.
  • A clearly-scoped, high-impact mandate, ship real controls, not just reports.
  • Genuine investment in your growth and mastery of your domain.

The Security Engineer is responsible for building the runtime, detection, and application-security layers that carry Avertra into SOC 2 and PCI DSS 4.0 compliance, partnering with the in-house DevOps team on Avertra’s Azure / AKS platform (TypeScript / React / Node application landscape, including billing and guest-payment flows in PCI scope).

The role owns security design, detections and rules, application-security testing, the vulnerability management program, vendor remediation, and control evidence. DevOps owns the CI/CD pipeline, AKS, and infrastructure execution; a fractional vCISO and GRC platform own the audit itself, this role supplies and maintains the evidence for the controls it builds.

Main Job Responsibilities

  • Application Security Testing
  • Introduces and tunes DAST against running applications; triages findings and drives fixes.
  • Deploys and owns a semantic SAST engine tuned for TypeScript / React / Node; owns the rules, triage, and merge-block policy.
  • Detection Engineering & Response
  • Builds the detection layer on the SIEM: correlation rules, alerts, and incident playbooks.
  • Defines and tunes runtime workload detection in AKS and file-integrity monitoring.
  • Owns what is detected and how the organization responds, while DevOps stands up SIEM infrastructure, log shipping, and agent deployment.
  • Edge & Network Controls
  • Owns the WAF ruleset: tunes the OWASP ruleset, defines exceptions, and confirms Prevention mode and that logs reach the SIEM.
  • Vulnerability Management as a Program
  • Stands up a vulnerability aggregator: dedups across scanners, assigns owner and risk-based SLA per finding, drives ticketing, and surfaces SLA breaches on a dashboard.
  • Defines secret-scanning policy (pre-commit and history sweep) and unifies the release gate across all scanners.
  • Assurance & Evidence
  • Manages the ASV scan and annual penetration-test vendors; triages results and drives remediation.
  • Produces and maintains evidence for owned controls, alongside the vCISO and GRC platform, to support SOC 2 Type II and PCI DSS 4.0 assessments (supports, but does not run, the audit).

Requirements

Needed Competencies

  • Technical expertise integrating and tuning security scanners in CI/CD pipelines (Azure DevOps ideal): SAST, DAST, SCA, secrets, IaC.
  • Technical expertise in DAST (OWASP ZAP or equivalent) and semantic SAST engines (Semgrep / CodeQL) on TypeScript / React / Node codebases.
  • Technical expertise in SIEM detection engineering (Microsoft Sentinel and/or Wazuh / Elastic): writing detections, correlation, alert tuning, and playbooks.
  • Technical expertise in Kubernetes / AKS security and runtime detection (Falco / Defender for Containers), network policies, and Pod Security Standards.
  • Technical expertise in vulnerability management: aggregation / dedup, risk-based SLAs, and triage (DefectDojo or equivalent).
  • Technical expertise in Azure security fundamentals: Defender for Cloud, Entra ID / RBAC, Key Vault, and edge WAF (OWASP ruleset).
  • Solid grounding in OWASP Top 10, TLS / PKI, authentication protocols, and API security.
  • Strong decision-making capabilities to weigh the relative costs and benefits of controls and prioritize risk-based remediation.
  • Ability to produce clean, audit-ready evidence for SOC 2 and/or PCI DSS control requirements (supporting, not running, the audit).
  • Builder’s mindset: OSS-first, iterating toward managed services.
  • Clear communicator: able to translate risk for engineers and executives, with strong written English and documentation.
  • Collaborative: drives secure-by-default practices through the DevOps and engineering teams rather than owning infrastructure directly.

Education

  • Bachelor’s on Computer Science, Information Technology, or a related field is recommended as a reasonable default, to be confirmed.

Experience

  • 4–7 years in security engineering, DevSecOps, or application security, with hands-on experience building and tuning security controls. Comfortable partnering with DevOps / platform teams rather than owning infrastructure directly.

Knowledge, Skills and Abilities

  • Excellent written and spoken English; able to translate risk clearly for both engineers and executives.
  • Experience preparing an organization for a first SOC 2 Type II or PCI DSS assessment (nice-to-have).
  • Familiarity with GRC / continuous-compliance platforms (Vanta, Drata); policy-as-code (OPA / Conftest); threat modeling (nice-to-have).
  • Preference for OSS-first security tooling with a managed Azure-native upgrade path.
  • Effective listening and multi-tasking capabilities across concurrent security workstreams.

Preferences

  • Certified Kubernetes Security Specialist (CKS)
  • Microsoft SC-200
  • Microsoft AZ-500
  • OSCP
  • CEH
  • PCI ISA / PCIP
  • CISSP / CISM

Travel

  • Up to 15%

Work Schedule

  • Monday–Friday, 10:00 AM – 7:00 PM (or as agreed). Hybrid work model, demand-based.