Java/JS Security Lead (offline)

For over 3 years, we have been working in the sphere of Conversational Applications, we also have our E-commerce product for Shopify platform as well as develop Web & Mobile domain. We were the first in the world, who succeeded to integrate Apple Pay into Apple Business Chat.

Now we’re looking for Java/JS Security Lead having the background and experience in software security field, to help implement software security strategy, focused on leading Security Architecture and DevSecOps for Ukraine based Client’s DOEC.

You will be a focal point for Client’s Security team (Israel based) responsible for the overall security in the DOEC office in Ukraine.

The Security team is responsible for development and implementation of controls for protecting Client Company assets, meeting strict customer requirements and international security standards as well as proactively developing risk mitigation programs.

Requirements
- 8+ years of experience in the Software development and engineering field
- High experience in one or more of the following programming languages: Java and NodeJS/JS.
- High communication skills, work experience in global companies and a desire to function in a team-based environment
- BSC degree in Computer Science, a related field or equivalent experience
Preferred/Nice to have skills
- Experience in public Cloud, Docker and K8S architectures

Plus:
- Experience in leading Secure Development LifeCycle, threat modeling, penetration testing and in using and analyzing findings of Static Code Analysis and Open Source Analysis tools.
- Ability to detect, explain, remedy and validate software security issues such as OWASP top 10 vulnerabilities.
- Experience with ISO 27001 and other certifications like SOC 2+, Hitrust, PCI.
Security certifications such as CISSP, CSSLP, CEH, GIAC, and GSSP-JAVA.

Responsibilities
- Act as the single leadership point of contact for security strategy and security product architecture at MOC DOEC.
- Ensure consistency and standardization in software security, compliance, certification, IT policies, network configuration mechanisms for Client’s DOEC.
- Report and triage vulnerabilities, provide metrics, track, plan, and ensure timely remediation of open issues.
- Participate in product requirements and design review meetings, review product design documents, provide security requirements and identify potential security threats in the design.
- Provide practical security best practices, perform manual code review for major security features and implement automatic security tools (SAST, DAST, etc.) into the CI/CD processes
- Coordinate risk assessment and penetration test activities.
- Manage and supervise security-related topics

Reporting
- The role reports directly to the Client’s Head of Cyber Resilience (Israel based) and MOC’s Chief Technical Officer.

About Master Of Code Global

Master of Code Global is an American software development company with a Ukrainian heart and history. Founded in 2004, MOC is headquartered in Cherkasy, Ukraine.

We collaborate with innovation departments of worldwide known companies and brands such as T-Mobile, World Surf League, FitPay, eBags and others.
Our aim is to provide a technological solution to clients’ ideas. We carefully choose a stack of technologies most suitable for the project and offer it to the client.

This is why we highly appreciate in our team members such personal traits as initiativity, proactivity in communications and openness to new technologies.
We have a flat structure i.e. developers can communicate with a client directly and offer solutions to problems.

Our main feature is our corporate culture and approach to work with clients, therefore we are looking for a person not for a particular project, but for the team as well.

Company website:
http://masterofcode.com