IT SmartFlex is a product IT company that is part of the Vodafone Ukraine group. Development of telecommunications software and solutions for daily use by millions of users is the company’s core business. Our goal is to form our own expertise in the IT sphere, creating new design solutions for the telecommunications sector.
13 сентября 2021

IT security expert/ Penetration Tester

Киев

Необходимые навыки

• 3 years of relevant work experience
• Software development experience in a production environment
• A deep understanding of the application architecture
• A knack for finding flaws in software and can efficiently communicate how to fix them
• Strong communication skills and is accustomed to working closely with a product team
• Doesn’t always default to industry norms when solving a problem
• An ability to think like an attacker to develop threat models
• Has designed and implemented mitigations for common classes of bugs

• Experience in:WAF
• Authentication (Identity management, MFA/2FA)
• Authorization (claims, RBAC, fine grained, coarse grained, XACML, OAUTH, SAML)
• Web Services Security (WS-Security, Oauth, JWT)
• Static Source Code Review Tools (e.g. Fortify, Appscan Source, Contrast, etc).
• Application Service Hardening (CIS, NSA/DOD STIGs)

Будет плюсом

• BA or BS in information security, engineering, computer science, or related areas. A Master’s degree in
an IT field is a plus, and a Master’s in cybersecurity is an even bigger plus.

Предлагаем

All IT benefits

Обязанности

• Work with our code
• Develop techniques to ensure development teams find flaws before they are introduced into production
• Be a security subject matter expert and respond to any security development question
• Work with development teams to design solutions that are inherently secure
• Correctly balance security risk and product advancement
• Lead software security initiatives
• Lead or participate in threat modeling discussions
• Perform code deep dives to uncover security vulnerabilities or design
• Document findings and architectural issues for development and other security teams consumption
• Evaluate the security posture of existing applications
• Perform proactive research to detect new attack vectors and pentest internal and external apps

LinkedIn