Information Security Engineer II

We are seeking an experienced and highly skilled Information Security Engineer to join our organization. As an Information Security Engineer, you will play a critical role in safeguarding our systems, networks, and data from potential threats and vulnerabilities. You will be responsible for implementing and maintaining robust security measures, assessing risks, and ensuring compliance with industry standards and regulations. Join our team as an Information Security Engineer and help us drive innovation in the world of software development!

Experience : 3- 5 years

Key Responsibilities

Application Security Testing

• Conduct web application penetration testing using OWASP Top 10 and SANS 25 methodologies.
• Perform secure code reviews for web and mobile applications (Java, Python, .NET, Node.js, etc.).
• Identify and exploit insecure authentication, authorization flaws, and business logic vulnerabilities.
• Work with development teams to remediate security flaws and implement secure coding practices.

API Security Testing & Mobile Security:

• Perform API penetration testing (REST, GraphQL, SOAP) for authentication and data exposure issues.
• Assess OAuth, JWT, API rate-limiting, and API security misconfigurations.
• Test mobile applications (Android & iOS) for data leakage, insecure storage, and broken cryptography.

Infrastructure Penetration Testing & Cloud Security:

• Conduct network and infrastructure penetration testing on cloud and on-premises environments.
• Identify misconfigurations in cloud platforms (AWS, Azure, GCP) and container security issues.

Key Skills-

1. Web & API Penetration Testing

• Strong understanding of OWASP Top 10
• Hands-on with: Burp Suite, Postman (API abuse testing), Manual testing techniques (not only automated scans)
• Ability to identify: Auth bypass, IDOR, Business logic flaws., Access control weaknesses

2. Threat Modelling Expertise

• Experience conducting structured threat modeling
• Familiar with: STRIDE methodology, Attack trees, Abuse cases
• Ability to: Translate architecture diagrams into threat scenarios, Identify trust boundaries, recommend preventive controls.

3. Secure SDLC Integration

• Experience embedding security into DevSecOps
• Understanding of: SAST / DAST, Dependency scanning, CI/CD security gates, Ability to work with engineering teams constructively.

4. Reporting & Risk Communication

• Clear, structured penetration test reports
• Risk severity mapping (CVSS + Business impact)
• Ability to explain technical findings to Product & IT stakeholders

5. Important Supporting Skills

• Application & Infrastructure Knowledge
• Authentication mechanisms (OAuth2, JWT, SSO)
• API security best practices
• Basic network penetration testing
• Familiarity with Windows/Linux hardening

6. Mobile App Security (Nice to Have)

Android/iOS security basics, API traffic interception, Certificate pinning bypass knowledge.

7. Compliance Awareness

Working knowledge of: ISO/IEC 27001, Secure coding standards, Understanding of vulnerability management lifecycle.

8. Behavioral & Collaboration Skills (Very Important)

Qualifications

Bachelor’s degree in computer science, Information Security, or a related field (Master's degree preferred).

BENEFITS

• Hybrid working arrangements (weekly 2-3 days in the office)
• Annual performance-related bonus
• 6x Flexi time off: knock 2.5 hours off your day on any day.
• Medical insurance coverage for extended family members.

Engaging, fun & inclusive culture: check out the MRI Software APAC Insta feed and stories!

About Us

From the day we opened our doors, MRI Software has built flexible, game-changing real estate software that powers thriving communities and helps make the world a better place to live, work and play. Fulfilling that mission is only possible because of one thing: exceptional people. People like you!

Our people-first approach to PropTech is defining a new industry standard for client experiences that, quite frankly, can’t be duplicated. Experiences that deliver real value every day. And we know those experiences begin with our people.

We believe MRI is more than just a workplace; it’s a connected community of people who truly feel they belong. Whether we’re investing in employee resource groups or providing tailored resources for each person to reach their full potential, we’re passionate about creating a work environment that makes you excited to show up every single day.

At MRI, one of our core values is to strive to amaze. From the intelligent solutions we create to the culture we cultivate, that’s our goal every day. Because that’s what industry leaders do. Whether you’re joining as a new Pride member or rejoining us after a short time away, your talent is vital to us, our partners and our clients.

Amazing growth requires amazing employees. Are you up to the challenge?

We know confidence gap and imposter syndrome can get in the way of meeting remarkable candidates, so please don’t hesitate to apply. We’d love to hear from you!

MRI is proud to be an inclusive employer. We welcome and celebrate diversity across all backgrounds, including ethnicity, religion, sexual orientation, gender identity, disability, age, military, veteran status and more.

We believe that Belonging is a direct result of Diversity, Equity, and Inclusion. Those values are woven into the fabric of who we are and are foundational to our continued success. Come and see for yourself!