DevSecOps / SecOps Farmland investment platform $6000-7500 Offline
Our project https://acretrader.com/ is more than 3 years old, and over that time it has accumulated a lot of functionality and many different RESTful API endpoints.
We currently use www.hackerone.com, which has helped us uncover a large number of small and medium security issues in our project. As a rule, the issues are related to:
- cookies and XSS vulnerabilities
- server-side validation of user data
- integration points with 3rd party services
We are looking for someone to join our team who will test the dev version of the site, and find and help fix issues before they reach the production site.
OUR STACK
- Microservice architecture in Go + a bit of Python
- GCP, Google Cloud Build, CI / CD
IN THIS ROLE YOU WILL:
● Implement and configure SecOps Pipelines
● Analyze system services, spotting issues in code and discovering security exposures.
● Develop mitigation plans and design technical solutions to address security weaknesses.
● Design and implement SDLC practices including code reviews, static/dynamic code analysis, and vulnerability assessments.
● Participate in and support application security reviews, including code reviews, third-party integration reviews, and dynamic testing.
● Perform security testing on our internal and external applications—including performing security code reviews, vulnerability assessments, and exploit development, as well as documenting the outcomes of the research.
● Integrate SAST/DAST in CI/CD and operational pipelines.
● Create and manage tools (e.g., web security scanners) to help test and monitor product security.
TECHNICAL REQUIREMENTS
- 3 or more years of relevant experience in e-commerce, SaaS or similar.
- Technical experience in JavaScript/TypeScript and Go or Python.
- Technical expertise in secure software development, modern DevOps practices and tools.
- Strong knowledge of secure design practices and common software vulnerabilities such as the OWASP Top 10.
- Knowledge of common and emerging security threats.
An ideal candidate would be someone who
● Is open-minded, actively asks questions, listens, adjusts their point of view accordingly, and respects other people’s opinions.
● Is able to communicate effectively with different stakeholders.
● Is able to stay focused on tasks, prioritize them, and manage their time effectively.
● Is able to work closely with other teams and independently.
● Has prior experience in continuous security cycle implementation for web applications.
● Has experience with malware analysis; reverse engineering is also a plus.
● Has experience with GCP.
The interview process has 2 stages:
- introductory interview, 30 min
- technical interview with a test task, 60 min
- if we are a good fit for each other, an offer
We offer:
- Flexible schedule
- Small and friendly team
- Salary paid every 2 weeks in USD or USDT
- English lessons with a teacher
- Team-building events in different countries