Middle+/Senior Application Security Engineer

Main requirements

  • Strong knowledge of security best practices in software development and familiarity with OWASP Top 10, SANS 25, and NIST standards.
  • Knowledge of modern authentication mechanisms like OAuth 2.0 and OpenID Connect. Experience with mobile application security (iOS and Android).
  • Experience working with microservices architectures and securing APIs (REST, GraphQL). Familiarity with container security (Docker, Kubernetes).
  • Strong teamwork skills and ability to respond quickly to requests.

Requirements

Position Name: Middle/Senior Application Security Engineer
Level: Middle/Senior
Hard skills requirements (including years):

  • Secure Software - Knowledge of Secure Coding Practices. Strong coding skills in one or more languages like Python, JavaScript, etc., to understand code and identify potential vulnerabilities
  • Application Security - Experience using SAST tools (e.g., SonarQube, Checkmarx, Snyk) for analyzing code for vulnerabilities during development. Proficiency in using DAST tools (e.g., OWASP ZAP, Burp Suite, AppScan)
  • Threat Modeling - Ability to perform threat modeling and risk assessments to identify potential vulnerabilities during the design phase of applications.
  • Vulnerability - Experience with tools like Nessus, Qualys, or OpenVAS to identify security vulnerabilities in applications and infrastructure.
  • Penetration Testing - Proficiency in conducting or supporting manual and automated penetration tests to simulate attacks and uncover application security flaws.
  • Cloud Platform - Experience with securing cloud environments (AWS, Azure, GCP), including knowledge of IAM, secure configurations, network security, and encryption.
  • Container - Experience securing containerized applications using Docker and Kubernetes, along with tools for container security scanning (e.g., Aqua Security, Twistlock).
  • CI/CD Pipeline - Experience integrating security testing tools into Continuous Integration/Continuous Deployment (CI/CD) pipelines (e.g., Jenkins, GitLab, CircleCI) to automate security checks.
  • Bachelor's degree in Information Security, IT, or a related field. Equivalent work experience is also acceptable.
  • Relevant certifications such as CISSP, CEH, OSCP, GWAPT, or CSSLP.

Soft skills requirements:

  • Ability to effectively convey ideas, expectations, and feedback to team members and stakeholders
  • Ability to take the initiative to identify and address potential issues before they escalate, ensuring smooth project execution and minimizing risks.
  • Ability to quickly identify issues and implement effective solutions to keep projects on track
  • Attention to Detail
  • Strong ability to work under pressure, remain calm and focused, maintaining productivity and high-quality output even in stressful situations
  • Ability to work seamlessly with cross-functional teams, fostering strong relationships and ensuring alignment across all business units.
  • Ability to adapt to rapidly changing environments, ensuring the team can pivot quickly to meet new challenges and opportunities
  • Ability to expertly manage working time and prioritize tasks to ensure timely delivery of projects and efficient use of resources.
  • Critical Thinking
  • Proactive acceptance of accountability for one's actions, decisions, and outcomes
  • Ability to analyze data from multiple sources and identify patterns or anomalies that could indicate security threats.
  • High moral standards in handling sensitive data and making decisions that align with security policies.

Responsibilities:

  • Secure Code Reviews - Provide guidance and conduct secure code reviews, ensuring adherence to OWASP Top 10, SANS 25, and other security best practices.
  • Vulnerability Assessment - Conduct application security assessments, including manual code reviews and automated vulnerability scanning, to identify potential security flaws.
  • Security Integration - Embed security best practices throughout the development lifecycle, from design to deployment, ensuring secure coding practices. Implement and maintain security tools for Continuous Integration/Continuous Deployment (CI/CD) pipelines, such as SAST, DAST, and Interactive Application Security Testing (IAST).
  • Penetration Testing - Lead or support internal and external penetration testing efforts to proactively identify and mitigate security risks.
  • Collaboration - Work closely with developers, DevOps, and QA teams to promote security awareness, provide training, and support security-focused testing efforts (e.g., static and dynamic application security testing).
  • Incident Response - Collaborate with the security team in incident management, ensuring prompt and thorough investigation and remediation of any security breaches or vulnerabilities.
  • Policy & Standards - Develop, maintain, and enforce security policies, procedures, and standards related to application development and deployment.
  • Research & Development - Stay up-to-date with the latest security threats, trends, and technologies, continuously improving security protocols and infrastructure.

English at a B1 level or higher, and either Russian or Ukrainian (one of these is required).

Remote - ok, but preferred locations are Cyprus, Bulgaria, Portugal

The job ad is no longer active
