Application Security Specialist

We are looking for a self-sufficient Application Security Specialist who is willing to bring the best security approaches to the company’s applications and protect them from various security threats. You will be working in a team of experienced IT engineers who will be glad to assist you to implement your ideas and share knowledge. 

Обязанности:

• Continuously run security audits for web and mobile applications, provide recommendations based on the audit results.

• Developing, automating and supporting the full cycle of application security testing (SCA, SAST, DAST, etc.).

• Participate in the organization of software life cycle processes (SDLC).

• Consulting development and testing teams on web and mobile application security issues;

• Participate in the design and requirements of applications and their features from a security perspective.

• Provide input into security-related topics and assist in securing security practices internally within our organization.

Требования:

• 1+ years of experience in the same or similar position;

• Experience with web and mobile application testing;

• Strong knowledge of web and mobile vulnerability types and mitigation techniques (e.g. XSS, SQL Injection, SSRF, Brute Force)

• Knowing at least one of vulnerability search methodology and recommendations for secure development (OWASP, SANS 25, etc.), have experience in fixing them;

• Programming and scripting knowledge/skills: .Net, C#, C++, Python, PowerShell;

• Experience with SCA, SAST, DAST tools;

• API security testing experience;

• Good knowledge of web security mechanisms (HTTPS, SOP, CSP, Cookie security attributes);

• Knowing basic concepts of information security, cryptography, secure protocols and algorithms;

• Willingness to develop in the Application Security field;