Requirements:
• 2 years experience in a similar position;
• Experience with Terraform;
• Experience with Atlassian stack (Jira, Bitbucket);
• Work experience with AWS;
• Understanding of the principles of operation of modern web applications and their protection;
• Knowledge of attack vectors for modern applications (web, desktop, mobile), methods of bypassing protection at the application level and applied protection measures;
• Knowledge of techniques for mitigating common vulnerabilities and secure development;
• Knowledge of basic DevSecOps/AppSec approaches and practices, experience with analysis tools (SAST, SCA, DAST), including integration of tools into CI/CD;
• Ability to understand other people's code; W
• Practical experience in conducting security analysis of web applications (black/gray/white box), ability to exploit found vulnerabilities (PoC); W
• Understanding of the principles of operation of CI/CD technologies, containerization and orchestration;
• Availability of specialized certificates.
What you gonna do:
• Architect, design, support and deploy security-focused solutions for the corporate infrastructure to drive security operations excellence.
• Building information security processes together with development, information security, QA and DevOps teams;
• Maintenance of product tasks at all stages of the release cycle;
• Participation in the process of code-review and pre-production testing in order to identify potential vulnerabilities.
Duties for now:
- Help with SAST;
- Work with scanners,
- Administration of application analysis systems
- Conducting comprehensive application security analysis;
- Code review;
- Static code analysis;