Application Security Engineer
Date: | April 22, 2022 |
Employer: | Infopulse / Инфопульс |
City: | Warsaw |
Qualifications: |
- Bachelor's or Master’s degree in computer science or related field or equivalent experience, depending on the role level
- 5+ years of experience with application security architecture with expertise in applying secure software development methods within the SDLC, designing and building secure software systems
- Solid understanding of fundamental application security building blocks such as authentication, authorization, data validation, encryption and security assurance
- Strong familiarity with application security concepts/standards/laws/best practices (e.g. OWASP, NIST, CIS, ISO 15408, ISO 27xxx, PCI DSS, EU GDPR)
- Experience of mentoring, advising or guiding teams to follow architectural or security best practices
- Experience of conducting security code review, application threat modelling and security risk assessment
- Understanding of the TCP/IP Stack, web application architecture, encryption fundamentals and OWASP Top 10
- Strong desire to grow in both engineering and security expertise
- Good knowledge of software development processes, integration of security assessments in Software Development Life Cycle (SDLC) process
- Understanding of Agile/DevOps principles
- Familiarity with code reviews, application security tools and techniques
- In-depth, hands-on understanding of application architectures and technology (including web applications, mobile technology, identity and access management)
Desired Skills
- Experience of performing application security assessments such as threat modelling, security testing, vulnerability management and remediation
- Experience with or knowledge of security testing tools such as SAST or DAST
- Good understanding of at least two of the following programming languages (i.e. the ability to understand the issue by looking at code snippets): C#, C++, Java, Python, JS
- Experience in application development, secure coding and scripting languages for automation is an advantage
- Experience with Microsoft Cloud Security
- Experience with architecture security design and review is an advantage
- Knowledge of vulnerability management and security testing tools such as Acunetix, Nessus, Nmap, Burp, ZAP, Kali Linux |
Tasks: |
- Perform threat modelling, risk assessment, secure design and source code review for applications
- Perform system and application security requirements review, definition and clarification
- Collaborate closely with development teams to assess the security posture/risk of the product features being developed and help integrate the best security practices into their development processes and source code security review
- Support the application team as well as development teams to design and implement processes and/or tools for secure code reviews and security testing
- Develop abuse use cases for project-related security testing in alignment with the security requirements objectives
- Perform targeted security tests to assist in detection and remediation validation of security relevant defects and vulnerabilities
- Conduct application security assessments, contribute to the security enhancement of the Systems Development Life Cycle (SDLC), provide actionable security recommendations for the development of various types of applications: web, mobile, embedded, etc.
- Recommend security solutions, develop and implement security and compliance tools in support of security analysis processes
- Incorporate security tools/tasks into automated product development and deployment lifecycles (SAST/DAST/IAST integration into CI/CD pipeline)
- Implement security culture, tools and processes into software development environment
- Collaborate closely with product and platform teams to design and implement security controls and best practices
- Provide secure application development training to developers
- Develop and maintain a balanced application security programme based on a well-defined application security framework
- Stay current with security industry trends and implement best practices within Secure SDLC
- Investigate and pilot commercial and open-source application security tools
- Participate in the development of corporate documents on system and application security
- Develop corporate documents, technical reports, metric reporting and security related presentations |
Contacts: | https://rabota.ua/company788/vacancy8517978 |