WEB Assessment Engineer
Samsung R&D Institute Ukraine is looking for a passionate and collaborative WEB Security Assessment engineer to join our team.
You will be involved in preventive security review and penetration testing of our online solutions in use by hundreds of millions of users worldwide.
If you love working directly on consumer-facing products we are glad to meet you at our team of professionals in Samsung R&D Institute Ukraine.
More specifically you will:
- perform vulnerability assessments of Samsung online services
- make blackbox penetration testing of production WEB services and server infrastructure
- make blackbox/greybox security validation of cloud infrastructure
- make blackbox penetration testing of enterprise IT infrastructure
- engage in emerging threats research: new attack methods, threat modelling, security bug hunting
Major Requirements:
- BlackBox and WhiteBox WEB pen.testing and vulnerability assessment experience
- BlackBox pen.test experience of cloud infrastructures and services
- OWASP Top-10: understanding of common Web Application vulnerabilities
- DB: understanding of database operation (pref. PostgreSQL, MongoDB, MySQL, SQLite, MS SQL)
- technical English (strong reporting skills, ability to communicate with colleagues worldwide)
Optional Requirements:
- security background (relevant University education, relevant prior employment, community activities, CTF participation)
- cryptography: understanding of crypto primitives and protocols (SSL/TLS, authentication & authorization protocols, crypto algs.)
- strong understanding of REST, SOAP operation
- pen.test experience of solutions hosted on popular cloud platforms (Alibaba, GCP, Azure, AWS)
- toolset: hands-on experience with Burp, scripting (Python), assessment automation tools (fuzz, scan)
- network security: understanding of WAF, CDN, IPS/IDS operation and weaknesses
- understanding of Devices-to-Cloud Services assessment principles
- understanding of OSINT tools and techniques
Working Conditions:
- official employment - GIG contract
- remote work is possible as well as work in Kyiv office
Benefits:
- competitive salary, annual salary review, annual bonuses
- paid 28 work days of annual vacations and sick leaves
- opportunity to become an inventor of international patents with paid bonuses
- medical & life insurance for employees and their children
- paid lunches
- discounts to Samsung products, services
- regular education and self-development on internal courses and seminars
- hybrid work format, working in office is required for some tasks