Junior AppSec Engineer (вакансія неактивна)

This vacancy is only for Ukrainian residents within Ukraine.

We are looking for a junior Application Security Engineer. If you are interested in performing security assessments and working hand-in-hand with security engineering and software developers, this may be your position!

Responsibilities:

• Perform security assessment and review of code and behaviour of systems (web, API, backends, Linux). Mostly whitebox, occasional blackbox.
• Perform security search for weaknesses and vulnerabilities in software in novel fields and areas.
• Participate in SSDLC for our products and our customers’ products. Explain risks & threats, work with developers to select security controls that would improve security without restricting usability/performance.
• Dive into application security, infrastructure security, cloud and on-prem infrastructures, dedicated hardware, IoT security, ML security, and weird stuff beyond casual imagination with our team of skilled engineers. Check out an example of our work.
• Stay updated with emerging security threats, vulnerabilities, and controls by reading articles, papers, and NIST guidelines. Follow CVE updates and understand how the threat landscape is changing

Requirements:

• 1+ years as an application security engineer or similar position.
• Experience in performing security assessment for web applications and cloud systems.
• Be familiar with application security verification frameworks: OWASP ASVS.
• Understanding SSDLC and its difficulties: OWASP SSDLC, NIST SSDF.
• An overall understanding of what information security is, how real-world risks and threats affect the choice of security controls. How to combine detective, preventive and corrective controls.
• Experience in popular security tools required for the job, or ability to learn them quickly (Burp Suite, network analysers, various SAST and DAST, dependency and vulnerability scanners).

Nice to have:

• A certain area of expertise and deep interest in web, mobile, IoT, infrastructure — an area where you have “seen things” and ready to share experience.
• Basic knowledge in cryptography: understanding the differences between symmetric and asymmetric cryptography, hashing, KDF.
• Be familiar with NIST SP 800-53.
• Be familiar with threat modelling (OWASP threat modelling, STRIDE, MITRE ATT&CK).
• Practical experience in scripting languages (Python, Bash, or even Javascript (meh)).

Our hiring process:

• Test task
• Introduction call
• Technical interview
• Offer

What’s in it for you?

• Competitive compensation with a flexible bonus scheme.
• Hybrid work model: this position allows for a combination of in-office and remote work as needed.
• UK, EU and USA clients.
• Working at the crossroads of ML security, cryptographic protocol support, hardware protection, reverse-resilient mobile app development, and securing web apps for millions of users.
• You will work with people deeply interested in security engineering, you will learn a lot.
• Public track record in the open-source aspect of our products.
• Conferences, books, courses — we encourage learning and sharing with the community. Our team members share a lot in talks, workshops, and blog posts.
• Paid vacation — 21 business days per year.
• Paid sick leaves.

Our software is well-known amongst security-aware teams, recommended by OWASP, and popular for easily solving complicated security challenges. Apart from building “off-the-shelf” solutions, we design custom security controls for novel problems. We work in the B2B space, with customers such as power grid operators, payment processors, legal companies, and million-user customer applications. We cater to young ambitious startups and well-established enterprises, that use our software and solutions as a core part of their security arsenal.