Application Security Engineer

Requirements:

• 2 years experience in a similar position;

• Experience with Terraform;

• Experience with Atlassian stack (Jira, Bitbucket);

• Work experience with AWS;

• Understanding of the principles of operation of modern web applications and their protection;

• Knowledge of attack vectors for modern applications (web, desktop, mobile), methods of bypassing protection at the application level and applied protection measures;

• Knowledge of techniques for mitigating common vulnerabilities and secure development;

• Knowledge of basic DevSecOps/AppSec approaches and practices, experience with analysis tools (SAST, SCA, DAST), including integration of tools into CI/CD;

• Ability to understand other people's code; W

• Practical experience in conducting security analysis of web applications (black/gray/white box), ability to exploit found vulnerabilities (PoC); W

• Understanding of the principles of operation of CI/CD technologies, containerization and orchestration;

• Availability of specialized certificates.

What you gonna do:

• Architect, design, support and deploy security-focused solutions for the corporate infrastructure to drive security operations excellence.

• Building information security processes together with development, information security, QA and DevOps teams;

• Maintenance of product tasks at all stages of the release cycle;

• Participation in the process of code-review and pre-production testing in order to identify potential vulnerabilities.

Duties for now:

- Help with SAST;

- Work with scanners,

- Administration of application analysis systems

- Conducting comprehensive application security analysis;

- Code review;

- Static code analysis;