— 2 years of practical experience in the field of information security
— Higher education in computer science or 5+ years of practical experience with higher education in other areas
— Practical experience in communication with customers, partners, suppliers, and vendors on information security issues in products and services
— Knowledge and understanding of the basic means of information security (for example, Anti-Virus, Firewall, IPS / IDS, DLP, VPN, TLS, etc.)
— OWASP Top 10 knowledge and expertise in implementation and vulnerability management mechanisms
— Knowledge and understanding of information security standards — ISO 27001, GDPR, NIST, PCI DSS
— Fluent English
— Experience with security research tools for web applications and source code (Qualys Web Application Security, Acunetix, SonarQube, Black Duck, Checkmarx, Fortify, OWASP ZAP, Burp, etc.)
— Experience in researching web application vulnerabilities
— Participation in projects aimed at preparing the company’s services, products and processes for compliance with international and industry safety standards — ISO 27001, SOC2, PCI DSS
— Competitive salary
— Flexible working hours
— Corporate English courses
— Medical insurance
— Gym, food court, football and basketball teams, table tennis
— Comfortable office near metro station Demeevskaya with bicycle and car parking
— Assist in the preparation of tender documents
— Communicate with customers about the security of the company’s product line
— Communicate with external parties (auditors, independent experts) on security issues of the company’s product line
— Task development teams to eliminate vulnerabilities and improve the security functionality of the company’s product line; control their execution
— Systematize and update the knowledge base with clients’ typical questions on information security
— Assess the compliance of products, partners and suppliers with information security requirements
— Review the company’s information security policies and procedures
— Update information security policies and processes in accordance with the requirements of ISO 27001, GDPR, HIPAA, etc.
— Monitor the implementation of information security processes and prepare the necessary records and evidence of their implementation
Terrasoft is a leading low-code, process automation, and CRM company. It has been highly recognized as a market leader by key industry analysts. We create a world where any business idea can be automated in minutes.
Our main product is the Creatio system, a platform based on a distributed architecture that uses the SPA solution approach.
Our R&D department works according to the principle of Continuous Integration. We also use the following practices: TDD, Code Review, Pair Programming and Scrum.
This year we are scaling our R&D team, so we invite an experienced Security Analyst to join our team.