Security Testing Engineer
Qualifications:
at least 1 year of security testing experience;
successfully participated in at least one production security project;
security engineering experience in at least one business domain;
experience in troubleshooting and debugging of complex issues, good analytical skills;
able to work closely with other project team roles (developers, DevOps, BA, testers, architects, managers);
experience with bug tracking, development tracking, and change management systems;
expected to be able to follow and understand a defined security process, train other team members, and contribute to process improvement;
understanding of the concepts of the software development process, application and infrastructure/cloud security, and their assessment methodologies;
scripting/software development experience is a huge advantage;
an Offensive Security certification such as OSCP, OSCE, or OSEP is a huge advantage.
Responsibilities:
vulnerability management process implementation and regular assessment;
product security assessment/penetration testing (white/grey/black box);
incident response team (product security incident monitoring, incident analysis);
Secure Development Life Cycle: code security analysis with SAST/DAST (implementing the process in the existing product development life cycle, handling the security analysis, review, and testing stages, communicating with development teams);
understanding of at least 3 security frameworks: Information Systems Security Assessment Framework (ISSAF), Open-Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Penetration Testing Execution Standard (PTES), NIST 800-115.