Application Security Engineer (offline)

Successful candidates will:
Have proven skills in application and mobile security.
Think critically, work well under pressure, and possess strong analytical, written, verbal, and interpersonal skills.
Have a demonstrated track record of quality processes in their work history.
Be strongly self-motivated with an aptitude for both individual and team-oriented work.
Responsibilities:
Perform static and dynamic code testing, threat modeling, design reviews, and penetration testing of company applications; review results and work with engineering to provide fixes.
Support the implementation and enforcement of secure design and secure programming principles according to policies, standards, and guidelines.
Develop and implement manual and automated web and mobile application security testing of the company’s applications.
Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concepts, and pilot installations.
Review POCs from bug bounty programs, provide recommended fixes and feedback to engineering and review bug fixes.
Develop and implement security testing and quality controls in CI/CD process.
Build re-usable security libraries and other components for Engineering teams to use in their development and QA work.
Define privacy by design and privacy engineering practices, and work with development teams to implement them.
Drive effectiveness, adoption, and measurement of security software development practices.
Assist QA in developing security test cases, and testing those cases.
Work with software development teams to secure development environments.
Write and maintain relevant documentation and audit reports.
Qualifications:
Experience with C/C++ and/or Java.
Experience with either JavaScript/NodeJS, PHP, or Python.
Advanced knowledge of CWE/SANS 25 common programming errors and the OWASP Top 10, their attack vectors, and how to mitigate these errors and vulnerabilities.
Experience with web application architecture and design.
Experience with layer 7 web defense (WAF, RASP, etc.).
Experience with penetration testing tools (ZAP, Burp).
Familiarity with static and dynamic code scanning tools.
Familiarity with version control tools such as Git, Bitbucket, SVN, Mercurial, Perforce.
Experience with mobile programming, either Android or iOS.
Familiarity with CI/CD tools such as Jenkins, Docker, Puppet, Kubernetes.
Experience identifying attack and service abuse artifacts in application logs.
Preferred Skills:
One or more relevant security certifications, such as OSCP, OSCE.
CTF (capture the flag) / bug bounty / CVE.
Strong knowledge of RedHat Linux.
Strong knowledge of Microsoft Windows.
Strong command line and scripting skills.
Experience working with global teams.

About

AB Soft is a highly qualified software development team. We are an outsourcing company founded in 2011. AB Soft covers all stages of the development lifecycle: from engineering to quality assurance of the product after release.

Below are our most significant projects:

• IP telephony systems
• Telco cloud solutions
• VR and AR applications

TECHNOLOGIES

• PHP
• Java
• HTML5+CSS3
• JavaScript/jQuery
• Python
• C/C++
• mobile development

We provide an excellent opportunity to work in a dynamic company. AB Soft is an active center of advanced software development. We are growing, and we always need bright, intelligent and talented people in our team.

Company website:
https://www.dataart.com

The job ad is no longer active
Job unpublished on 28 September 2020
