AppSec Engineer

Vacancy posted: 05.11.2024
Employer: Fintech
Salary level:
salary not specified
City:
Moscow
Required work experience:
3 to 6 years

Are you passionate about securing cutting-edge applications in the fast-paced world of cryptocurrency? Want to work with a talented team, enhancing security and protecting valuable assets in a growing digital landscape?

If so, we’d love to have you on board!

As an Application Security Engineer, you’ll be responsible for ensuring the safety and security of our crypto-related applications, working closely with cross-functional teams to develop and implement best practices in application security.

Responsibilities:

  • Collaborate with development and DevOps teams to address security issues in the software development lifecycle.

  • Conduct security architectural reviews, set security requirements, and ensure new features meet security standards.

  • Create and update security policies, standards, and procedures related to secure development.

  • Identify and mitigate risks associated with application infrastructure, implementing effective security measures.

  • Research and improve methods for detecting security threats in the cryptocurrency industry, proposing strategies to counteract them.

  • Design DevSecOps solutions, onboard and configure AppSec tools (DAST, SAST).

  • Participate in Patch and Vulnerability Management processes, assessing security vulnerabilities in applications and infrastructure.

  • Develop security practices for designing secure APIs.

  • Stay updated on modern approaches to securing crypto-asset applications.

Requirements:

  • A degree in a relevant field, such as Information Security or Computer Science.

  • 2+ years of experience in Application Security.

  • Proficiency in reading and understanding Bash, Python, and Go code, with the ability to identify security flaws.

  • Knowledge of common security vulnerabilities and protection methods.

  • Hands-on experience with security tools (SAST, DAST, SIEM, WAF, Anti-DDoS, Vulnerability Management).

  • Familiarity with security standards and frameworks (NIST, MITRE, ISO 27k, PCI-DSS, OWASP ASVS, OWASP Top 10, OWASP SAMM).

  • Understanding of containerization and orchestration security (Docker, K8s).

  • Technical knowledge of Blockchain and cryptography, as well as best practices in securing corporate information systems (Zero Trust, 2FA/MFA, Principle of Least Privilege).

  • Proficiency in technical English, for understanding documentation and communicating with international standards.

Nice-to-Have:

  • Experience with API security testing.

  • Understanding of SSDLC and DevSecOps processes.

  • Relevant certifications (BSCP, OSWE, OSCP).

  • Active profile on security learning platforms (e.g., HackTheBox).

  • Participation in CTF competitions.

What We Offer:

  • Fully remote position — work from anywhere!

  • 28 days of paid vacation and fully paid sick leave.

  • Competitive salary in USDT.

  • Opportunity to work in a fast-growing and innovative cryptocurrency company.