IT SmartFlex is a product IT company that is part of the Vodafone Ukraine group. Development of telecommunications software and solutions for daily use by millions of users is the company’s core business. Our goal is to form our own expertise in the IT sphere, creating new design solutions for the telecommunications sector.
9 апреля 2021

IT security expert/ Penetration Tester (вакансия неактивна)

Киев

Необходимые навыки

• 5 years of relevant work experience
• Software development experience in a production environment
• A deep understanding of the application architecture
• A knack for finding flaws in software and can efficiently communicate how to fix them
• Strong communication skills and is accustomed to working closely with a product team
• Doesn’t always default to industry norms when solving a problem
• An ability to think like an attacker to develop threat models
• Has designed and implemented mitigations for common classes of bugs

• Five or more years’ experience in:
• Authentication (Identity management, MFA/2FA)
• Applied Cryptography (PKI, Appropriate usage of Cryptographic Primitives, Digital Signatures, HASHing, HMACs)
• Authorization (claims, RBAC, fine grained, coarse grained, XACML, OAUTH, SAML)
• Web Services Security (WS-Security, Oauth, JWT)
• Static Source Code Review Tools (e.g. Fortify, Appscan Source, Contrast, etc).
• Application Service Hardening (CIS, NSA/DOD STIGs)
• Coding experience in one or more general languages

Будет плюсом

• Certified Security Software Lifecycle Professional (CSSLP)
• Certified Information Systems Security Professional (CISSP)
• BA or BS in information security, engineering, computer science, or related areas. A Master’s degree in
an IT field is a plus, and a Master’s in cybersecurity is an even bigger plus.
• Mobile App development experience a plus

Предлагаем

All IT benefits

Обязанности

• Develop techniques to ensure development teams find flaws before they are introduced into production
• Be a security subject matter expert and respond to any security development question
• Work with development teams to design solutions that are inherently secure
• Be a champion for simple security models
• Correctly balance security risk and product advancement
• Lead software security initiatives
• Lead or participate in threat modeling discussions
• Perform code deep dives to uncover security vulnerabilities or design
• Document findings and architectural issues for development and other security teams consumption
• Evaluate the security posture of existing applications
• Perform proactive research to detect new attack vectors and pentest internal and external apps