— Experience with C/C++ and/or Java
— Advanced knowledge of the CWE/SANS Top 25 common programming errors and the OWASP Top 10, their attack vectors, and how to mitigate these errors and vulnerabilities
— Experience with web application architecture and design
— Experience with layer 7 web defense (WAF, RASP, etc.)
— Experience with penetration testing tools (ZAP, Burp)
— Familiarity with static and dynamic code scanning tools
— Familiarity with version control tools such as Git, Bitbucket, SVN, Mercurial, Perforce
— Experience with mobile programming, either Android or iOS
— Familiarity with CI/CD tools such as Jenkins, Docker, Puppet, Kubernetes
— Experience identifying attack and service abuse artifacts in application logs
Nice to have:
— One or more relevant security certifications, such as OSCP, OSCE
— CTF (capture the flag) / bug bounty / CVE
— Strong knowledge of Red Hat Linux
— Strong knowledge of Microsoft Windows
— Strong command line and scripting skills
— Experience working with global teams
— Perform static and dynamic code testing, threat modeling, design reviews, and penetration testing of company applications; review results and work with engineering to provide fixes.
— Support the implementation and enforcement of secure design and secure programming principles according to policies, standards, and guidelines.
— Develop and implement manual and automated web and mobile application security testing of the company’s applications.
— Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concepts, and pilot installations.
— Review POCs from bug bounty programs, provide recommended fixes and feedback to engineering, and review bug fixes.
— Develop and implement security testing and quality controls in CI/CD process.
— Build re-usable security libraries and other components for Engineering teams to use in their development and QA work.
— Define privacy by design and privacy engineering practices, and work with development teams to implement.
— Drive effectiveness, adoption, and measurement of security software development practices.
— Assist QA in developing security test cases, and testing those cases.
— Work with software development teams to secure development environments.
— Write and maintain relevant documentation and audit reports.
AB Soft works with a leading provider of global enterprise cloud communications, collaboration, and contact center solutions. The platform empowers employees to work better together from any location, on any device, and via any mode to serve customers, improving business efficiency and customer satisfaction. The company provides unified voice, video meetings, team messaging, digital customer engagement, and integrated contact center solutions for enterprises globally.