Application Security Engineer
Company: Telecommunications service
Job description
What you will do:
- Perform static and dynamic code testing, threat modeling, design reviews, and penetration testing of company applications, review results and work with engineering to provide fixes.
- Support the implementation and enforcement of secure design and secure programming principles according to policies, standards, and guidelines.
- Develop and implement manual and automated web and mobile application security testing of the company’s applications.
- Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concepts, and pilot installations.
- Review POCs from bug bounty programs, provide recommended fixes and feedback to engineering and review bug fixes.
- Develop and implement security testing and quality controls in CI/CD process.
- Build reusable security libraries and other components for engineering teams to use in their development and QA work.
- Define privacy-by-design and privacy engineering practices, and work with development teams to implement them.
- Drive effectiveness, adoption, and measurement of security software development practices.
- Assist QA in developing security test cases, and testing those cases.
- Work with software development teams to secure development environments.
- Write and maintain relevant documentation and audit reports.
Qualifications:
- Experience with C/C++ and/or Java.
- Experience with either JavaScript/NodeJS, PHP, or Python.
- Advanced knowledge of the CWE/SANS Top 25 common programming errors and the OWASP Top 10, their attack vectors, and how to mitigate these errors and vulnerabilities.
- Experience with web application architecture and design.
- Experience with layer 7 web defense (WAF, RASP, etc.).
- Experience with penetration testing tools (ZAP, Burp).
- Familiarity with static and dynamic code scanning tools.
- Familiarity with version control tools such as Git, Bitbucket, SVN, Mercurial, Perforce.
- Experience with mobile programming, either Android or iOS.
- Familiarity with CI/CD tools such as Jenkins, Docker, Puppet, Kubernetes.
- Experience identifying attack and service abuse artifacts in application logs.
Would be a plus:
- One or more relevant security certifications, such as OSCP, OSCE.
- CTF (capture the flag) / bug bounty / CVE experience.
- Strong knowledge of RedHat Linux.
- Strong knowledge of Microsoft Windows.
- Strong command line and scripting skills.
- Experience working with global teams.
Benefits:
- Well-coordinated professional team.
- Cutting edge technologies, interesting and challenging tasks, dynamic project, great opportunities for self-realization, professional and career growth.
- Corporate training programs, English language courses.
- Medical insurance, including dental care, from the first working day; life insurance.
- Business trips to foreign branch offices (the USA, China) and subsequent work in the U.S. on an H-1B visa.
- Employment and salary payment in accordance with the labor code.
- Sick leave 100% paid.
- 28-day vacation, 100% paid at the current salary.
- Office a 10-minute walk from the subway, or remote work.
- Non-resident applicants are granted a relocation bonus.