
Responsibilities:

  • Role: Product security / Application Security / DevSecOps / Security Architecture;
  • Security advisory on projects of different sizes and technologies;
  • You will be the primary security engineer for software products and act as the point of contact for engineering and security;
  • Design, build and review security-related services and functions of web applications, mobile applications, and desktop applications;
  • Conduct product security threat and risk assessments for software products regularly (OWASP Threat Dragon/MS Threat Modeling Tool);
  • Classify data and applications based on business risk. Establish a simple classification system to represent risk-tiers for applications;
  • Work with product & development managers for the assessment and prioritization of security-related tasks in the development backlog;
  • Provide the engineering teams with well-researched security solutions and controls to mitigate risk and fix vulnerabilities;
  • Improve the adoption of security best practices in testing, automation, and continuous integration pipelines.

Requirements:

  • 3+ years of experience with CI/CD principles and tooling [Git, Terraform, Jenkins, Artifactory];
  • 3+ years of experience with Azure with a focus on security and 1+ year with secure Kubernetes deployment;
  • Security experience with Azure / MO365 security features and components;
  • Deep knowledge of SSDLC, secure development and runtime application protection;
  • Deep knowledge of container development and of the security applied to those environments in terms of container, host and orchestrator(s) security and workload protection;
  • 3+ years of experience with a scripting language such as Java, .NET, Python, Bash, PowerShell, etc.;
  • Experience with an IAM provider (Azure AD), Vault (HashiCorp), OpenVPN and similar;
  • Significant knowledge of security best practices for cloud native architectures, both on development and deployment;
  • Experience with cloud-based security management SIEM tools, e.g. Splunk (nice to have) or ELK;
  • Proven track record in supporting development teams in the security area throughout all phases of the systems development life cycle (design, threat modelling, development, maintenance);
  • Hands-on experience with integration of SAST, DAST and SCA tools into CI/CD pipelines;
  • Sound knowledge of the impact of and remediation techniques for vulnerabilities both within and outside of the OWASP Top 10;
  • Sound knowledge of modern authentication/authorization frameworks, methods, and technologies (OAuth 2.0, OIDC, JWT);
  • Experience with Scrum approach;
  • Good communication skills, ability to conduct email communications, lead security-related meetings and discussions;
  • At least Upper-Intermediate level of English, including cybersecurity-related vocabulary.

Nice to have:

  • Understanding of or experience with SOP (Standard Operating Procedure), SOX compliance, audit control.