We invite you to send your CV - we will contact you if the project is resumed or a similar offer becomes available.
Tasks:
- Run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools.
- Create and run secure code assessments with various application and services engineering teams.
- Perform manual and automated penetration tests and retests of web and mobile applications.
- Review technical architecture and delivery for Web and other Client Delivery Platforms.
- Review current system security measures and recommend or implement enhancements.
- Review and contribute to application designs and solutions.
- Review developers' code, provide feedback and perform security assessments for consumer-facing applications, services and future technology.
- Triage risk of identified vulnerabilities and findings.
- Work with external penetration testers, oversee ongoing pentests and exercises, work with application engineering teams on remediation of found vulnerabilities.
- Participate (as a subject matter expert) in information security operations duties, including occasional incident response escalations.
- Evaluate, deploy and support application security technologies, processes and workflows on multiple platforms (Server, Client, Mobile, Tablet, etc.).
- Identify and define application security requirements and security baselines.
- Work collaboratively and proactively across the organization (e.g., Technical Architects, Engineering Leads, Product managers, etc.) to support and remediate security gaps.
Job requirements:
- 3+ years of product/application security work experience.
- Knowledge of common security principles for web application architectures.
- Experience in code reviews, business logic assessment, and application security testing.
- Solid understanding of security protocols, cryptography, authentication, authorization and security.
- Broad knowledge of security technologies, processes, and techniques and a strong understanding of application security leading practices including OWASP and CWE.
- Familiarity with HTML/CSS, JavaScript and UI/UX design and software quality assurance principles.
- Hands-on experience working with DevOps and Agile driven product teams.
- Familiar with application security tools like BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux.
- Knowledge of practical threat modeling for consumer applications.
- Experience in secure software development principles in various languages (Java, Go, JavaScript, Python, etc.).
- Excellent communication and presentation abilities with great attention to detail.
- Demonstrated ability to explain risks and vulnerabilities to both technical and non-technical audiences.
- Languages: Fluent English and Polish.
We offer:
- Employment based on employment contract
- Opportunities for professional development for expert positions
- Experience in an international company
Good to have skills:
- Bachelor's degree in IT, Computer Science or Information Security preferred.
- Knowledge of cloud security principles.
- Experience in application/tool development with at least one modern programming language.