Application Security Engineer / Pentester
We’re looking for someone who has:
• Software development experience in a production environment
• A deep understanding of the application architecture
• A knack for finding flaws in software and the ability to communicate efficiently how to fix them
• Strong communication skills and experience working closely with a product team
• A willingness to look beyond industry norms when solving a problem
• An ability to think like an attacker to develop threat models
• Experience designing and implementing mitigations for common classes of bugs
• Intermediate level of English or higher
Preferred qualification:
3 or more years’ experience in:
• Authentication (Identity management, MFA/2FA)
• Applied Cryptography (PKI, appropriate usage of cryptographic primitives, digital signatures, hashing, HMACs)
• Authorization (claims, RBAC, fine-grained, coarse-grained, XACML, OAuth, SAML)
• Web Services Security (WS-Security, OAuth, JWT)
• Static Source Code Review Tools (e.g. Fortify, AppScan Source, Contrast, etc.)
• Application Service Hardening (CIS, NSA/DOD STIGs)
• Coding experience in one or more general languages
• Mobile App development experience a plus
Nice to have:
• 3 years of relevant work experience
• Hard Core Development Skills
• Detail-Oriented
Responsibilities:
• Work with our code
• Develop techniques to ensure development teams find flaws before they are introduced into production
• Be a security subject matter expert and respond to any security development question
• Work with development teams to design solutions that are inherently secure
• Be a champion for simple security models
• Correctly balance security risk and product advancement
• Lead software security initiatives
• Lead or participate in threat modeling discussions
• Perform code deep dives to uncover security vulnerabilities or design
• Document findings and architectural issues for development and other security teams’ consumption
• Evaluate the security posture of existing applications
• Perform proactive research to detect new attack vectors and pentest internal and external apps
What we offer:
• Work in a friendly creative environment using modern technologies
• Work-life balance and flexible work schedule
• Corporate training, professional conferences, specialized courses
• Knowledge sharing and best practices, communities of interest
• Competitive salary level
• Medical insurance from the first month of work
• 24 days of paid vacation
• Paid sick leave
The job ad is no longer active
Job unpublished on 17 August 2023