— Audit and implement security checks and features for existing CI/CD processes;
— Analyze solutions for continuous monitoring and remediation of security defects across the application lifecycle;
— Design and implement security controls for new company products, features, and third-party integrations during the SDLC process;
— Design and implement security controls for infrastructure using a "security as code" approach and align them with company processes;
— Work closely with delivery and infrastructure teams to drive security issues and controls to resolution;
— Design automated hands-on threat modeling and risk evaluation processes for SDLC.
— 3+ years of experience as an ITSec engineer/AppSec specialist/Blue Team member in a software product company or as an independent researcher;
— Experience with CI/CD automation, code quality tools, Web/Native security, technical security assessment, Docker security, and the GitOps approach;
— Good understanding of computer networks (VLAN, IP addressing, security zones of trust, etc.);
— Understanding of common types of security attacks (DNS cache poisoning, ARP spoofing, DDoS, XSS, CSRF, SQL Injection, etc.);
— Experience with Docker, AWS, k8s, Nomad, Vault, orchestration tools like Ansible, SaltStack, Terraform;
— Scripting development using a variety of tools like Bash, Python, Perl, Go;
— Penetration testing / CTF / Bug Bounty experience;
— Experience with PCI DSS / SOC / GDPR;
— Knowledge of network security;
— Security certifications such as OSCP, CSSLP, GIAC.