KSTT is a hi-tech product company and a major service development center in the sphere of global dealing. KSTT offers a one-stop-shop-solution without the one-product- fits-all mentality. Our key business areas are CRM (Customer Relationship Management) system development for global dealing platforms supported in over 20 languages.
13 мая 2018

Application Security Expert

Киев

Необходимые навыки

• Expertise in security domains:
 Experience with secure development lifecycle framework practices
 Familiarity with best practices in security related software processes (password protection, authentication methods, secure coding, etc.) and standards (OWASP, NIST, PCI, etc.)
 Familiarity with application security tools (SAST, DAST, 3rd party security review, etc.)
• Minimum 3 years of software development related experience
• Higher education in Computer Science, Software Engineering, Information Technology or related domains
• Working experience in a medium / large corporate environment
• Familiarity with different functions within a product team
• Practical knowledge of software technologies and concepts such as:
 Front End vs. Back End development
 Software related communication and formats (HTTP/S, REST, SOAP, JSON)
 Clients (Mobile, Desktop)

Будет плюсом

• Expertise in security domains such as Checkmarx, Micro Focus Fortify, IBM AppScan
• Proficiency of Python, C++, Mobile (Android / iOS)
• Proficiency of Java, JS, experience as penetration tester
• Working experience in a software company.
• Working experience in a large, geographically dispersed Organizations and decentralized Security Model.
• Security trainings and certifications:
 CCSK, CCSP, CEH, CISA,
 CSSLP, CISSP, CISM, OSCE/P
• Familiarity with OS and DB hardening procedures (Win Server / CentOS / RHEL / Oracle)
• Familiarity with cloud environments (AWS / Azure)

Обязанности

• Cooperate with other teams within Global Security group to achieve mutual goals
• Evangelize security within company and be an advocate for customer trust
• Represent the security group and form working relations with development teams to promote all Global Security group’s teams.
• Provide security controls and threat modeling for a product architecture and its underlying development environment and production environment in relation to AAA (Authentication, Authorization and Accountability) and CIA (Confidentiality, Integrity and Availability).
• Assess the security of in-house developed applications (both corporate facing and customer facing) through design reviews, code reviews, static analysis and penetration testing (either in-house or by external vendor) and assist other team members to perfect their skills in these activities.
• Evaluate surrounding aspects of the application security such as production administration, CI/CD processes, secret management, monitoring for security events.

LinkedIn
. Вы откликнулись на эту вакансию.
Представитель компании получит уведомление и свяжется с вами через какое-то время.
Прикрепите резюме:

Отменить

Горячие вакансии

Все вакансии

Похожие вакансии

Все похожие вакансии