Skills:
3+ years of experience as an Application Security Engineer, Pentester, or similar role
A passion for security, and the hacker mentality of doing whatever it takes to figure out and solve a problem
Knowledge of a broad range of attack vectors and exploits (API, OS, database, network, and code)
Strong understanding of the OWASP Top Ten security risks and how to mitigate them
Ability to manually find and exploit vulnerabilities in web applications and services
Experience with HTML, XML, JavaScript, CSS, SQL, and JSON
Experience with common vulnerability scanning and reporting tools (Nessus, Burp Suite, ZAP)
Good understanding of application security verification approaches (SAST, IAST, DAST)
Understanding of cloud environments (GCP, OpenStack)
Familiar with agile development, bug tracking, Git and CI/CD
Up-to-date knowledge of the latest security vulnerabilities (e.g. reported CVEs) against systems, web application frameworks, and libraries, including an understanding of their impact and exploitation techniques
Will be a Plus:
Broad experience across several different technology domains (compute, storage, network, database, data center, cloud, desktop, mobile devices, identity & access management, etc.)
Experience with code-level security auditing, automated static and dynamic code analysis tools
Offensive security certifications (OSCP, OSWE, OSCE, CEH, etc.)
Having experience as a software developer
Understanding of compliance frameworks (e.g. ISO/IEC 27001, PCI DSS)
Understanding of cloud deployment architecture, cloud security, automation, orchestration, Docker and Kubernetes
— 21 days of paid vacation plus 1 day for every year you work with us (max. 25)
— 40 paid sick leaves
— Medical insurance with pretty good coverage for you to feel safe
— Gym (including the swimming pool)
— We have lunches which are company paid and delivered straight to the office
— Interesting and challenging tasks, opportunities for self-realization and career growth
— English language courses
— We hold team building activities and office parties throughout the year
— A flexible schedule
— A fun & entertaining working environment
Responsibilities:
Security assessment of the Company software products
Identifying security flaws within running web applications and services as part of infrastructure penetration testing and application security reviews
Conducting and managing regular vulnerability assessments in accordance with compliance requirements (PCI DSS, ISO/IEC 27001, etc.)
Working with the infrastructure and development teams to help identify and mitigate vulnerabilities
Control over the execution of application security analysis through the entire Software Development Life Cycle
Working directly with product teams to enforce security best practices and integrate automated security
Being part of a Security Incident Response team
Knowledge sharing and security training for internal QA and Development teams
EveryMatrix delivers a modular and API-driven product suite including a market-leading one-stop shop casino content aggregator and integration platform, a cross-product bonusing engine, a fully managed sportsbook and sport data services, a stand-alone payment processing platform, and a multi-brand affiliate/agent management system.
You will be involved in a wide range of projects to create our security program, yet have a specific focus on application security, for both on-premise and SaaS services. You will act as the Subject Matter Expert and work closely with the various teams on security engineering topics.