Samsung R&D Institute Ukraine is looking for a Web Application Assessment Engineer to work with us.
Key responsibilities:
Web vulnerability assessments and penetration testing of internal products:
- black-box security validation of WEB services and server infrastructure
- enterprise IT infra penetration testing
- security reviews according to Secure SDLC process (including requirements, design, source code)
Major Requirements:
- black-box and white-box web penetration testing and vulnerability assessment experience
- OWASP Top-10: understanding of common Web Application vulnerabilities
- crypto: understanding of crypto primitives and protocols (SSL/TLS, authentication & authorization protocols, crypto algorithms)
- DB: understanding of database operation (PostgreSQL, MongoDB, MySQL, SQLite, MS SQL)
- ability to understand execution logic of JavaScript, Java, .NET
- toolset: hands-on experience with Burp, scripting (Python), assessment automation tools (fuzz, scan), docker
- good technical English
Optional Requirements:
- security background (University, relevant prior employment, community activities, CTF)
- knowledge of PTES and NSA Vulnerability and Penetration Testing Standards
- network security: understanding of WAF, IPS/IDS operation and weaknesses
- proficiency in Scala, Go, Lua code auditing
- strong understanding of REST, SOAP operation
- pentest experience of AWS-based cloud infrastructures and services
We offer:
- Annual bonus
- Official employment (gig contract)
- 28 days of paid annual vacation and paid sick leave
- Paid days off on Ukrainian official holidays
- Paid maternity leave
- Opportunity to become an inventor of international patents with paid bonuses
- Medical and life insurance for employees and their children
- Convenient office location
- Paid lunches
- Regular education and self-development on internal courses and seminars, office library