Application Security Engineer (ID:146) (вакансія неактивна)

Infopulse welcomes talented professionals to join our team as an Application Security Engineer.

The security specialist will be collaborating closely with our Application Development, DevOps and Production Support teams with a focus on defining processes and standards, ensuring that corporate requirements and best practices are implemented in SDLC. In this role, the specialist will collaborate closely with all our internal and our customer’s development teams to ensure adherence to security policies, processes and standards, provide information security recommendations and guidance in order to identify, manage, and mitigate security risks.

Areas of Responsibility

• Perform system & application security requirements review, definition and clarification
• Conduct security audits for corporate systems, perform application security testing
• Participate in threat modelling and application risk assessment
• Work closely with development teams to support integration of the best security practices into their development processes
• Participate in enhancement of SAST/DAST/IAST integration into application CI/CD pipeline
• Contribute to corporate SDLC enhancement, design and implement security controls and best practices
• Investigate and pilot commercial and open-source application security tools
• Participate in developing corporate regulations, technical reports, and presentations related to application security

Qualifications

• Bachelor’s or master’s degree in computer science or related field, or equivalent experience
• 3+ years of experience in secure development, technical security audit or security consulting areas
• Solid understanding of fundamental building blocks of application security such as: authentication, authorization, data validation, encryption, security assurance
• Good understanding of software architectures and technologies (including web application architectures, operating systems architectures, cloud architectures, TCP/IP Stack, software development processes)
• Detailed familiarity with application security concepts/standards/laws/best-practices (e.g. OWASP, CIS, NIST SP 800, ISO 27K series)
• Experience in security testing, application threat modelling and systems/applications security risk assessment
• A burning desire to grow in both engineering and security expertise

Will be an advantage

• Practical experience in using popular commercial and open-source security testing tools (e.g. Acunetix, Nessus/Tennable.io, Burp, ZAP, Kali Linux)
• Practical experience in Microsoft Cloud Security
• Good understanding of at least two of following programming languages (i.e. ability to figure out what’s going on by looking at code snippets): C#, C++, Java, Python, JS
• Practical experience in application development, secure coding and scripting languages for automation
• Practical experience in hardening systems

Personal Skills

• Well-developed analytical and problem-solving skills
• Strong ability to conduct research
• Ability to work independently
• Ability to manage multiple tasks according to priorities
• Being a result-oriented person
• Having good communication skills (writing and speaking), including giving presentations