You will be working in a huge company with a world name and be a part of cyber security of it.

Responsibilities:

Role: Product security / Application Security / DevSecOps / Security Architecture;
Security advisory on projects with different size and technologies;
You will be the primary security engineer for software products and act as the point of contact for engineering and security;
Design, build and review security-related services and functions of web applications, mobile applications, and desktop applications;
Conduct product security threat and risk assessments for software products regularly (OWASP Threat Dragon/MS Threat Modeling Tool);
Classify data and applications based on business risk. Establish a simple classification system to represent risk-tiers for applications;
Work with product & development managers for the assessment and prioritization of security-related tasks in the development backlog;
Provide the Engineering teams well-researched security solutions and controls to mitigate risk and fix vulnerabilities;
Improves the adoption of security best practices in testing, automation, and continuous integration pipelines.

Requirements:
3+ year of experience with CI/CD principles and tooling [Git, Terraform, Jenkins, Artifactory];
3+ year experience with Azure focus on security and 1+ year with Kubernetes secure deployment;
Security experience on Azure / MO365 security features and components;
Deep knowledge of SSDLC, secure development and runtime application protection;
Deep knowledge of containers development and security applied on those environments in terms of container, host and orchestrator(s) security and workload protection;
3+ year experience with scripting language such as Java, .NET, Python, Bash, PowerShell, etc.;
Experience with IAM provider (Azure AD), Vault (Hashicorp) and OpenVPN and similar;
Significant knowledge of security best practices for cloud native architectures, both on development and deployment;
Experience with cloud-based security management SIEM tools, e.g. Splunk (nice to have) or ELK;
Proven track record in supporting development teams in security area throughout all phases of systems development life cycle (design, threat modelling, development, maintenance);
Hands-on experience with integration of SAST, DAST and SCA tools into CI/CD pipelines;
Sound knowledge of impact and remediation techniques for vulnerabilities from and outside of OWASP Top 10;
Sound knowledge on modern authentication/authorization frameworks, methods, and technologies (OAuth2.0, OIDC, JWT);
Experience with Scrum approach;
Good communication skills, ability to conduct email communications, lead security-related meetings and discussions;
At least Upper-Intermediate level of English including cybersecurity-related vocabulary.

Nice to have:
Understanding or experience about SOP (Standard Operating Procedure), SOX Compliance, Audit Control.

About Intellias

Intellias is a challenge-driven software engineering company, based in Ukraine (Kyiv, Lviv, Odesa, Kharkiv) and locally represented in Berlin, Germany.
Since 2002, we've been helping leading technology companies from EU and North America to create their software products by building and operating world-class engineering teams in Eastern Europe for them

Company website:
intellias.com

DOU company page:
https://jobs.dou.ua/companies/intellias/

Job posted on 25 March 2021
3 views    0 responses


Для отклика на эту и другие вакансии на Джинне войдите или зарегистрируйтесь.