Jobs Lviv
Security Solutions Architect
Hybrid Remote · Ukraine (Kyiv, Lviv) · Product · 2 years of experience · B2 - Upper Intermediate
This position is open exclusively for Ukrainian residents within Ukraine (preferably Kyiv or Lviv).
We are looking for a Security Solutions Architect to join our Security Engineering team and work with us on building secure software and solutions for our customers. If you are interested in designing and building security solutions that address complex risks and threats, reviewing and implementing API protocols and subsystems, designing security controls, working hand-in-hand with software developers to build secure systems — this may be the position for you.
Main responsibilities:
- Architect security features, modules and protocols in mission critical software, ensuring alignment with business objectives, functional and non-functional requirements.
- Assess and evaluate the security design of systems, components and their API.
- Search for security weaknesses in software designs from novel fields and areas.
- Perform risk analysis and threat modelling to evaluate available and missing security controls.
- Collaborate with stakeholders, including developers, product managers, and executives, to gather requirements and translate them into security architecture.
- Participate in SSDLC for our products and our customers’ products. Explain architecture choices, work together with developers to select security controls that would improve security without restricting usability/performance.
- Stay up to date with emerging security threats, vulnerabilities, and controls (read articles and papers, follow CVE updates, understand how the threat landscape is changing, understand how to apply described ideas, read NIST guidelines).
- Dive into application security, infrastructure security, cloud and on-prem infrastructures, dedicated hardware, IoT security, ML security, and weird stuff beyond casual imagination with our team of skilled engineers. See example of our work.
- Share your work as conference talks, blogposts (see React Native security example), contribute to open source standards like OWASP.
Requirements:
- 2+ years as Solution Architect or similar position.
- Experience designing and implementing security controls in a technically diverse environment.
- Experience in performing design review for multi-component systems (web, cloud, hardware).
- Understanding security standards and methodologies (NIST, ISO, CMMI, SOC).
- Understanding SSDLC and its difficulties. OWASP SSDLC, NIST SSDF.
- Communication skills: you will communicate about security technical topics with both technical and non-technical audiences (C-level managers, developers, product owners).
- An overall understanding of what information security is, how real-world risks and threats affect the choice of security controls. How to combine detective, preventive and corrective controls.
- Experience in popular security tools required for the job, or ability to learn them quickly.
- English level B2+.
Nice to have:
- Understanding risk management and threat modelling (NIST RMF, FAIR, STRIDE, MITRE ATT&CK).
- Understanding of application security verification and software maturity frameworks: OWASP SAMM, OWASP ASVS, OWASP MASVS.
- A certain area of expertise and deep interest: web, cloud, IoT, infrastructure — an area where you have “seen things” and are ready to share experience.
- Experience with clouds: AWS, Azure, GCP, understanding the “cloud responsibility gap”.
- Basic knowledge in cryptography: understanding the differences between symmetric and asymmetric cryptography, hashing, KDF.
- Knowledge in one of several business domains: banking / finance / payment processing, cryptocurrencies.
- Practical experience in any programming language.
Hiring process:
- Resume review — up to 5 business days.
- Introductory meeting with the Head of security engineering.
- Test task — estimated time 1-3 hours.
- Technical interview with several team members.
- Offer discussion.
What’s in it for you?
- Competitive compensation with a flexible and clear bonus scheme.
- Paid vacation — 21 business days per calendar year.
- Paid sick leaves.
- Hybrid work model: this position allows for a combination of in-office and remote work as needed.
- Combining technologies: hardware engineering, software engineering, cryptography, information security.
- You will work with people deeply interested in security engineering, and you will learn a lot.
- Reasonable time budgets and an attitude to build things well — we prioritise building for decades, rather than just until the next release.
- Conferences, books, courses — we encourage learning and sharing with the community. Our team members share a lot in talks, workshops, and blog posts.
- Public track record in the open-source aspect of our products.
Application Security Engineer
Hybrid Remote · Ukraine (Kyiv, Lviv) · Product · 2 years of experience · B2 - Upper Intermediate
This position is open exclusively for Ukrainian residents within Ukraine (preferably Kyiv or Lviv).
Cossack Labs is looking for an Application security engineer to join our Security team and work with us on building and breaking software. If you are interested in designing and building security controls, working hand-in-hand with software developers, performing security assessments, this may be the position for you.
We are ready to invest time in your education if you are prepared to work diligently and responsibly. Alongside technical skills, we’ll teach you leadership, time management, business context, and how to keep improving cybersecurity despite the ever-increasing entropy of the world.
Responsibilities:
- Perform security assessment and review of code and behavior of systems (web, API, backends).
- Participate in SSDLC for our products and our customers’ products. Explain risks & threats, work together with developers to select security controls that would improve security without restricting usability/performance.
- Take part in organisation security practices and work with business owners (risk assessment, craft policies for organisations, guide companies for more secure future).
- Stay up to date with emerging security threats, vulnerabilities, and controls (read articles and papers, follow CVE updates, understand how the threat landscape is changing, understand how to apply described ideas, read NIST guidelines).
- Dive into application security, infrastructure security, cloud and on-prem infrastructures, dedicated hardware, IoT security, ML security, and weird stuff beyond casual imagination with our team of skilled engineers. See example of our work.
- Share your work as conference talks, blogposts (see Security autotests post), contribute to open source standards like OWASP.
Requirements:
- 2+ years as an application security engineer or similar position.
- Experience in performing security assessment for web applications.
- Experience in selecting or designing security controls in a technically diverse environment.
- Be familiar with application security verification and software maturity frameworks: OWASP SAMM, OWASP ASVS.
- Understanding SSDLC (OWASP SSDLC, NIST SSDF).
- Communication skills: you will communicate about security technical topics with both technical and non-technical audiences (C-level managers, developers, product owners).
- An overall understanding of what information security is, how real-world risks and threats affect the choice of security controls.
- Experience in popular security tools required for the job, or ability to learn them quickly (Burp Suite, network analysers, various SAST and DAST, dependency and vulnerability scanners).
Nice to have:
- A certain area of expertise and deep interest: web, mobile, IoT, infrastructure — an area where you have “seen things” and are ready to share experience.
- Basic knowledge in cryptography: understanding the differences between symmetric and asymmetric cryptography, hashing, KDF.
- Understanding security standards and methodologies (NIST, ISO, CMMI, SOC).
- Understanding risk management and threat modelling (NIST RMF, FAIR, STRIDE, MITRE ATT&CK).
- Practical experience in scripting languages: Python or Bash.
Our hiring process:
- Resume review — 1-5 business days.
- Test task — estimated time 3-4 hours.
- Introductory meeting with the Head of security engineering.
- Technical interview with several team members.
- Offer discussion.
What’s in it for you?
- A sense of meaning and responsibility for those who seek purpose — we’re building the “invisible texture of modern civilization” — bits of infrastructure that finance, power grids, and healthcare rely on, and we are trusted with very challenging aspects of it.
- Competitive compensation with a flexible bonus scheme.
- Hybrid work model: this position allows for a combination of in-office and remote work as needed.
- UK, EU and USA clients.
- Working at the crossroads of ML security, cryptographic protocol support, hardware protection, reverse-resilient mobile app development, and securing web apps for millions of users.
- Public track record in the open-source aspect of our products.
- Conferences, books, courses — we encourage learning and sharing with the community. Our team members share a lot in talks, workshops, and blog posts.
- Paid vacation — 21 business days per year.
- Paid sick leaves.
We are a data security solutions company, providing custom bespoke solutions to innovative software development teams around the world. Our software is well-known amongst security-aware teams, recommended by OWASP, and popular for easily solving complicated security challenges. Apart from building “off-the-shelf” solutions, we design custom security controls for novel problems.
We work in the B2B space, with customers such as IIoT, AI / ML based systems, mission critical systems, robotics, navigation, power grid operators, payment processors, financial apps, legal companies, million-user customer applications. We cater to young ambitious startups and well-established enterprises, who use our software and solutions as a core part of their security arsenal. Our customers are smart, but extremely demanding.
Markets: EU, UK, USA, UA.
Information Security Specialist
Office Work · Ukraine (Lviv) · Product · 1 year of experience
The national pharmacy chain «Подорожник» announces an opening for the position of Security Policy Administrator.
You are our ideal candidate if you:
- know international information security standards (ISO 27001, NIST, GDPR) well and can implement them in company policies;
- have practical experience creating, updating and maintaining information security policies;
- can assess their relevance and effectiveness and implement changes;
- interact effectively with different teams to achieve security goals.
Your responsibilities will include:
- analysing current information security policies in the systems/services used in the Company;
- developing new and updating existing information security policies, in line with best practices, in the systems/services used in the Company;
- supporting the rollout of new/updated information security policies in the systems/services used in the Company;
- monitoring the applicability of information security policies in the systems/services used in the Company;
- analysing the effectiveness of information security policies for their alignment with changes in legislation, technologies and threats.
Why you should work with us:
- official employment in a stable, dynamically growing company;
- opportunities for personal and professional development;
- the resources and tools needed to complete your tasks;
- corporate discounts on medicines and medical services;
- military-service reservation (deferral) for employees;
- corporate discounts on memberships at Sport Life, Фокстрот, ОККО, on services at the Веселка medical centres, and many other benefits.
Call us! Send your résumé! Join the «Подорожник» team.
«Подорожник» is the leader in opportunities!