Middle Information Security Engineer (вакансія неактивна)

Deep understanding of web security:
-models of trust
-authentication on the web
-vulnerability types, a detailed understanding of how they work and practical operational experience of their exploiting (XSS, SQLi, noSQLi (Mongo, Redis, Memcache), CSRF, SSRF, CSTI, SSTI, HTTP header injection, XXE, race conditions, unserialized attacks, cache deception, etc.). Extensive practical experience is required
A thorough understanding of network security:
-OSINT, enumeration, DNS, network pivoting, scanning
-knowledge of Windows and Linux architecture
-Active Directory, policy, DCs, etc.
Understanding of mobile security principles:
-analysis of network interaction, understanding its concepts
-reverse-engineering, Android/iOS Apps on basic level
Ability to write high quality and high-value audit documentation in English aimed at helping business representatives and software developers to improve Information Security within their products
Easily navigate through both offensive and defensive security areas
Ability to conduct audits of the finished software and provide meaningful recommendations
Ability to work in a team and independently
Certifications are desirable but not mandatory

Participation in CTF, public bug bounty programs
Conducting own cutting-edge security research
Experience with connected devices (CAN bus, IoT, etc.)

Conduct technical security audits (white/black/grey box) for existing and new projects:
— perform risk and threat model analysis
— identify focal points for analysis
— define audit methodology
— identify potential attack vectors
— prioritize and clearly define scope and undertaken responsibility
— develop meaningful audit reports
Conduct penetration testing
Keep development teams security-conscious:
— conduct internal knowledge seminars, educational events, and workshops
— help development teams make their products more secure
— help fight fear of information security among development teams
— create practical assignments for internal security events (CTF/contests)
Introduce Secure SDLC elements (in collaboration with CTO/QD)
Conduct research of your interest

We are looking for an Information Security Engineer to strengthen our Information Security expertise. You will take active part in Information Security audits and penetration testing on the current and new assignments of our customers, and help to keep up the security-conscious developers’ mindset.

We have a team of enthusiasts, who love their job and strive to learn more from the world and each other, all while doing the best work of their life.