Yalantis has been providing software development services for over 12 years, helping clients around the world implement their ideas and create projects that contribute to business growth. We work on projects in the domains of healthcare, real estate, logistics, and telecommunications for clients in the US, Western Europe, and the Middle East.
22 ноября 2021

Applications Security Engineer (Penetration tester)

Киев, Днепр, удаленно

During our twelve-year journey, we have been helping our clients to create apps and enterprise ecosystems from scratch in order to achieve their business goals.
Right now our Application Security department is growing rapidly, so we’re looking for an experienced Application Security Engineer to become a member of our engineering team and practice technical skills. We are looking for a specialist who can help us to develop this area and become the Lead of AppSec.You will take part in building processes for external projects and play the role of a process supervisor rather than a permanent contractor.

What you’ll help us with:

— Performing automatic and manual penetration tests
— Building and optimization of Application Security controls (SAST, OSA, DAST, Container Security, Kubernetes Audit, Cloud Audit), and their integration into CI/CD
— Developing secure system design and secure coding recommendations
— Designing and implementing SDLC practices and processes including automated and manual security tests, code review, etc.
— Manage product bug bounty program and drive different program initiatives and promotions
—Together with teams, creating recommendations and practices for developers
— Implementation of processes for internal projects with further extension to client projects

Here’s the experience that will help you carry out work:

— At least two years in application security or in related field
— Basic knowledge of programming languages (Python/JS/Java/Go) and experience of scripting
— A clear understanding of the Secure Software Development Lifecycle, processes, and tools
— Knowledge of the most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overflow, brute force, rainbow tables, DoS, etc.) and how they match the general classification

These skills will also come in handy:

— Experience with Container Orchestration, Automation, and Security Configuration Management (Kubernetes, Jenkins, Terraform, Puppet, Ansible, etc)
— Experience with AWS (or other cloud platforms)
— Prior experience in Secure Software Development Lifecycle
— Participation in bug bounty programs and security research may be beneficial
— Certifications in Security, Cloud, etc. may be beneficial

What you’ll get from working with us:

— great compensation and social packages
— medical insurance
— sport and education compensation
— opportunities for professional growth and support for skills-development
— full reimbursement of certification
— Individual development plan
— the best networking opportunities with international clients
— knowledge sharing atmosphere
— team buildings and corporate activities
— full financial and legal support for private entrepreneurs
— special corporate currency and merch store

We expect our future colleague to have a strong security management background and good communication skills. Join us and send your CV to marina.golubitskaya@yalantis.net