Security Specialist (вакансія неактивна)

Requirements:
— 5+ years of experience in Information Security with focus on Incident Response, Security Engineering, and/or Intrusion Detection;
— Ability to analyze endpoint, network, application logs, malware and obfuscated code;
— Knowledge of web application vulnerabilities with ability to triage/verify OWASP Top 10 issues;
— Knowledge of CVEs and recent security vulnerabilities;
— Excellent problem solving skills combined with hands-on experience doing root cause analysis and post incident reviews;
— Experience with container and orchestration technologies such as Docker and how to secure them;
— Good Linux experience and in particular experience with Kernel security;
— Solid knowledge of computer networks and common protocols: TCP/IP, SSL/TLS, HTTP, and etc.;
— Experience with application security and secure network architectures;
— Experience performing IT security audits;
— Experience performing vulnerability assessment, penetration testing;
— Experience with writing and tuning of IDS signatures;
— Proficiency in one or more programming/scripting languages;
— Both written and verbal upper-intermediate English at least.

We offer:
— interesting and challenging work in a dynamically developing company;
— exciting projects involving newest technologies;
— professional development opportunities;
— flexible schedule;
— business trips abroad;
— English language study;
— team buildings and corporate parties;
— gym membership reimbursement;
— modern and comfortable office facilities.

As delivering both high quality and secure products is our key focus, we are looking for a Security Engineer who has a passion for securing and supporting our client’s multiservice infrastructure.
The individual filling this role will work closely with worldwide teams (USA, Ukraine, Germany, Israel, India) who own their infrastructure from top to bottom, and should feel comfortable auditing services and shipping changes into production.

Responsibilities:
— Work with engineering team for consultation on remediation of security issues;
— Security training of engineering teams;
— Audit systems (prod, corp, test, dev, other);
— Participate in Architecture reviews of upcoming projects;
— Improve QA processes by adding security validations;
— Audit security and fraud profile of acquisitions;
— Implement and maintain IDS / IPS solutions.

Our client, the student hub in USA, is transforming the way millions of students learn by connecting them to the people and tools needed to succeed throughout their high school and college career. The company offers an array of required and non-required scholastic materials including millions of textbooks in any format, access to online homework help and textbook solutions, course organization and scheduling, as well as college and university matching tools and scholarship connections. Since it launched nationally as a textbook rental company in 2007, our client has enhanced education for millions of students by saving them time, saving them money and helping them get smarter.
Because of that, it is vital for our company to find a specialist who will work with a team of analysts, engineers and technical managers on daily operational monitoring and escalation of information security events and also function as an intrusion analyst to examine security events for context, risk, and criticality.