KSTT is a hi-tech product company and a major service development center in the sphere of global dealing. KSTT offers a one-stop-shop-solution without the one-product- fits-all mentality. Our key business areas are CRM (Customer Relationship Management) system development for global dealing platforms supported in over 20 languages.
13 мая 2018

Application Security Expert


Необходимые навыки

• Expertise in security domains:
 Experience with secure development lifecycle framework practices
 Familiarity with best practices in security related software processes (password protection, authentication methods, secure coding, etc.) and standards (OWASP, NIST, PCI, etc.)
 Familiarity with application security tools (SAST, DAST, 3rd party security review, etc.)
• Minimum 3 years of software development related experience
• Higher education in Computer Science, Software Engineering, Information Technology or related domains
• Working experience in a medium / large corporate environment
• Familiarity with different functions within a product team
• Practical knowledge of software technologies and concepts such as:
 Front End vs. Back End development
 Software related communication and formats (HTTP/S, REST, SOAP, JSON)
 Clients (Mobile, Desktop)

Будет плюсом

• Expertise in security domains such as Checkmarx, Micro Focus Fortify, IBM AppScan
• Proficiency of Python, C++, Mobile (Android / iOS)
• Proficiency of Java, JS, experience as penetration tester
• Working experience in a software company.
• Working experience in a large, geographically dispersed Organizations and decentralized Security Model.
• Security trainings and certifications:
• Familiarity with OS and DB hardening procedures (Win Server / CentOS / RHEL / Oracle)
• Familiarity with cloud environments (AWS / Azure)


• Cooperate with other teams within Global Security group to achieve mutual goals
• Evangelize security within company and be an advocate for customer trust
• Represent the security group and form working relations with development teams to promote all Global Security group’s teams.
• Provide security controls and threat modeling for a product architecture and its underlying development environment and production environment in relation to AAA (Authentication, Authorization and Accountability) and CIA (Confidentiality, Integrity and Availability).
• Assess the security of in-house developed applications (both corporate facing and customer facing) through design reviews, code reviews, static analysis and penetration testing (either in-house or by external vendor) and assist other team members to perfect their skills in these activities.
• Evaluate surrounding aspects of the application security such as production administration, CI/CD processes, secret management, monitoring for security events.

. Вы откликнулись на эту вакансию.
Представитель компании получит уведомление и свяжется с вами через какое-то время.
Прикрепите резюме:


Горячие вакансии

Все вакансии

Похожие вакансии

Все похожие вакансии