DevSecOps / SecOps Farmland investment platform $6000-7500 (offline)

Our project, https://acretrader.com/, is more than 3 years old, and over that time it has accumulated a lot of functionality and many different RESTful API endpoints.

We currently use www.hackerone.com, which has helped us discover a large number of small and medium-severity security issues in our project. As a rule, the issues are related to:


- cookies and XSS vulnerabilities

- server-side validation of user-supplied data

- integration points with 3rd party services


We are looking for someone to join our team who will test the dev version of the site, find issues and help close them before they reach the production site.


OUR STACK

- Microservice architecture in Go + a little Python

- GCP, Google Cloud Build, CI / CD


IN THIS ROLE YOU WILL:

● Implement and configure SecOps Pipelines

● Analyze system services, spotting issues in code and discovering security exposures.

● Develop mitigation plans and design technical solutions to address security weaknesses.

● Design and implement SDLC practices including code reviews, static/dynamic code analysis, and vulnerability assessments.

● Participate in and support application security reviews, including code reviews, third-party integration reviews, and dynamic testing.

● Perform security testing on our internal and external applications—including performing security code reviews, vulnerability assessments, and exploit development, as well as documenting the outcomes of the research.

● Integrate SAST/DAST in CI/CD and operational pipelines.

● Create and manage tools (e.g., web security scanners) to help test and monitor product security.


TECHNICAL REQUIREMENTS

- 3 or more years of relevant experience in e-commerce, SaaS or similar.

- Technical experience in JavaScript/TypeScript and Go or Python.

- Technical expertise in secure software development, modern DevOps practices and tools.

- Strong knowledge of secure design practices and common software vulnerabilities such as the OWASP Top 10.

- Knowledge of common and emerging security threats.


An ideal candidate would be someone who

● Is open-minded and actively asks questions, listens, adjusts their point of view accordingly and respects other people’s opinions.

● Is able to communicate effectively with different stakeholders.

● Is able to stay focused on tasks, prioritize them, and manage their time effectively.

● Is able to work closely with other teams and independently.

● Has prior experience in continuous security cycle implementation for web applications.

● Has experience with malware analysis; reverse engineering is also a plus.

● Has experience with GCP.


The interview process has 2 stages:

- introductory interview, 30 min

- technical interview with a test assignment, 60 min

- if we are a good fit for each other, an offer


We offer:

- Flexible schedule

- Small, friendly team

- Salary paid every 2 weeks in USD or USDT

- English lessons with a tutor

- Team-building events in different countries