# Summary
As a member of our Infrastructure & Information Security pod, you will support our cloud infrastructure by developing tools, building services, and providing consultative services to our engineering teams. You will play a crucial role in safeguarding our creators who entrust Teachable with their content every day. You’ll plan and carry out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
# Baseline Requirements
- Understanding of framework architecture
# Hard Skills
- Familiarity with MITRE's ATT&CK Framework
- Experience leading or conducting Adversary Emulations
- Familiarity with industry Adversary Emulation Frameworks like CBEST, iCAST, GFMA
- Experience leading or conducting Purple Team Testing
- Participation in Cyber Tiger Team operations
- Conducting Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
- Identifying, researching, validating, and exploiting various known and unknown security vulnerabilities on the server and client side
- Reporting information security vulnerabilities to businesses and senior management
- Providing support in remediation efforts
- Knowledge of web application infrastructure, such as Application Servers, Web Servers, and Databases
- Experience with automation of security testing as part of a CI/CD pipeline
- Proficiency in web development and programming languages such as Python, Perl, Ruby, Java, .NET
- Developing and implementing secure software development lifecycle (SSDLC) processes
- Experience with application security tools like Checkmarx, Sonatype, OWASP ZAP, PortSwigger Burp, IBM AppScan, HP WebInspect, or Acunetix
- Experience in Cloud security, including AWS
# Soft Skills
- Commitment to continuous learning on the job
- Desire to build solutions, not just identify problems
- Strong analytical and problem-solving skills
- Effective communication skills, both written and verbal, to convey complex security concepts to various stakeholders
- Ability to work collaboratively in a team environment and independently manage tasks
# Education
- Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or equivalent experience
# Certifications
- CSSLP (Certified Secure Software Lifecycle Professional)
- Additional certifications such as CEH, CISSP, or AWS Certified Security Specialty are a plus
# Salary Ranges
## Asia
- $41K - $60K - $84K
## Africa
- $39K - $54K - $59K
## North America
- $73K - $100K - $130K
## South America
- $55K - $87K - $132K
## Europe
- £30K - £48K - £120K
## Oceania
- AU$56K - AU$90K - AU$145K
# Interview Questions
- [Application Security Engineer Interview Questions](https://ishaqmohammed.me/posts/application-security-engineer-interview-questions/)
- [Application Security Interview Questions](https://www.wisdomjobs.com/e-university/application-security-interview-questions.html)
# Training Resources
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
- [PortSwigger Web Security Academy](https://portswigger.net/web-security)
- [Hack The Box](https://www.hackthebox.eu/)
- [Pentester Academy](https://www.pentesteracademy.com/)
- [Cybrary](https://www.cybrary.it/)
- [Offensive Security Training](https://www.offensive-security.com/training-courses/)
- [Cloud Academy](https://cloudacademy.com/) - For cloud security training
- [Coursera](https://www.coursera.org/) - Offers various courses on cybersecurity and cloud security
# Additional Information
Working in infrastructure and information security involves a mix of proactive and reactive measures to safeguard sensitive data and systems. It requires a thorough understanding of various cybersecurity frameworks and the ability to implement effective security protocols. Continuous learning and adapting to the latest security trends and technologies are essential.
Participating in cybersecurity communities, attending conferences, and contributing to open-source projects can also be valuable for professional development. Engaging in Capture the Flag (CTF) competitions and security challenges can further hone practical skills.
# Key Takeaways
1. **Understanding the Role**: Supporting cloud infrastructure by developing tools and services, and providing security consultation to engineering teams.
2. **Technical Proficiency**: Mastery of security frameworks, conducting assessments, automating security processes, and securing cloud environments are essential skills.
3. **Certifications and Education**: Formal education and certifications like CSSLP, along with additional certifications such as CEH, CISSP, or AWS Certified Security Specialty, provide a strong foundation for this role.
4. **Soft Skills**: A commitment to continuous learning, strong analytical and problem-solving skills, effective communication, and a proactive approach to building security solutions are crucial traits.
5. **Global Opportunities**: Salaries vary widely based on location and experience, reflecting the diverse opportunities in the field of cybersecurity.
By adhering to these guidelines and continually enhancing your skill set, you can build a successful and rewarding career in infrastructure and information security.