Senior Security Engineer (offline)

We’re looking for Senior Security Engineer having the background and experience in the software security field, to help implement software security strategy, focused on leading Security Architecture and DevSecOps for Ukraine based Client’s DOEC.

You will be a focal point for the Client’s Security team responsible for the overall security in the DOEC office in Ukraine.

The Security team is responsible for the development and implementation of controls for protecting Client Company assets, meeting strict customer requirements and international security standards as well as proactively developing risk mitigation programs.

Required background and skills:
o 5+ years of experience in the Software development and engineering field
o High experience in one or more of the following programming languages: Java or NodeJS/JS.
o Fluent English
o High communication skills, work experience in global companies and a desire to function in a team-based environment
o BSC degree in Computer Science, a related field or equivalent experience

Preferred/Nice to have skills:
o Experience in public Cloud, Docker, and K8S architectures
o Experience in leading Secure Development LifeCycle, threat modeling, penetration testing, and in using and analyzing findings of Static Code Analysis and Open Source Analysis tools.
o Ability to detect, explain, remedy, and validate software security issues such as OWASP top 10 vulnerabilities.
o Experience with ISO 27001 and other certifications like SOC 2+, Hitrust, PCI.
o Security certifications such as CISSP, CSSLP, CEH, GIAC, and GSSP-JAVA.

Responsibilities:
o Act as the single leadership point of contact for security strategy and security product architecture at MOC DOEC.
o Ensure consistency and standardization in software security, compliance, certification, IT policies, network configuration mechanisms for Client’s DOEC.
o Report and triage vulnerabilities, provide metrics, track, plan, and ensure timely remediation of open issues.
o Participate in product requirements and design review meetings, review product design documents, provide security requirements, and identify potential security threats in the design.
o Provide practical security best practices, perform manual code review for major security features, and implement automatic security tools (SAST, DAST, etc.) into the CI/CD processes
o Coordinate risk assessment and penetration test activities.
o Manage and supervise security-related topics

About Indigo

INDIGO – Recruiting IT agency.
We have worked long enough in this market to deliver high-quality candidates quickly:
- 12 years in the market;
- 85 000 - Half of the tech market in Ukraine is in our database;
- We produce solid candidates within a week for our clients;
- An average of 150 successfully-matched new employers per year since 2007

Company website:
https://indigo.co.ua/