3+ year of experience with CI/CD principles and tooling [Git, Terraform, Jenkins, Artifactory];
3+ year experience with Azure focus on security and 1+ year with Kubernetes secure deployment;
Security experience on Azure / MO365 security features and components;
Deep knowledge of SSDLC, secure development and runtime application protection;
Deep knowledge of containers development and security applied on those environments in terms of container, host and orchestrator(s) security and workload protection;
3+ year experience with scripting language such as Java, .NET, Python, Bash, PowerShell, etc.;
Experience with IAM provider (Azure AD), Vault (Hashicorp) and OpenVPN and similar;
Significant knowledge of security best practices for cloud native architectures, both on development and deployment;
Experience with cloud-based security management SIEM tools, e.g. Splunk (nice to have) or ELK;
Proven track record in supporting development teams in security area throughout all phases of systems development life cycle (design, threat modelling, development, maintenance);
Hands-on experience with integration of SAST, DAST and SCA tools into CI/CD pipelines;
Sound knowledge of impact and remediation techniques for vulnerabilities from and outside of OWASP Top 10;
Sound knowledge on modern authentication/authorization frameworks, methods, and technologies (OAuth2.0, OIDC, JWT);
Experience with Scrum approach;
Good communication skills, ability to conduct email communications, lead security-related meetings and discussions;
At least Upper- Intermediate level of English including cybersecurity-related vocabulary.
Understanding or experience about SOP (Standard Operating Procedure), SOX Compliance, Audit Control.
Besides such basics as a competitive salary, comfortable and motivating work environment, here at Intellias we offer:
For your professional growth —
Innovative projects with advanced technologies;
Individual approach to professional and career growth (Personal Development Plan);
Regular educational events with leading industry experts;
For your comfort —
Flexible working hours;
Spacious office with lots of meeting rooms;
Kids’ room with professional baby-sitter (offices in Lviv & Kyiv).
For your health —
3 health packages to choose from — medical insurance, sports attendance or mix of both;
Annual vitaminization program;
Annual vaccination and ophthalmologist check-up.
For your leisure —
Corporate celebrations and fun activities;
Beauty parlor (offices in Lviv & Kyiv).
Role: Product security / Application Security / DevSecOps / Security Architecture;
Security advisory on projects with different size and technologies;
You will be the primary security engineer for software products and act as the point of contact for engineering and security;
Design, build and review security-related services and functions of web applications, mobile applications, and desktop applications;
Conduct product security threat and risk assessments for software products regularly (OWASP Threat Dragon/MS Threat Modeling Tool);
Classify data and applications based on business risk. Establish a simple classification system to represent risk-tiers for applications;
Work with product & development managers for the assessment and prioritization of security-related tasks in the development backlog;
Provide the Engineering teams well-researched security solutions and controls to mitigate risk and fix vulnerabilities;
Improves the adoption of security best practices in testing, automation, and continuous integration pipelines.