Senior Application Security Engineer

George Town, Pulau Pinang, Malaysia

Job Description


We are a team of Application Security enthusiasts who have been helping create secure applications for a huge telecom provider in Europe for over 15 years.
We know how to break apps and how to make them unbreakable.

Responsibilities

  • Development of security requirements at the early stages of the product life cycle.
  • Preparation of test scenarios for an audit that is based on business requirements, technical documentation for a project, and a list of affected systems.
  • Identification of defects and vulnerabilities in new and existing software products using the following methods:
      - Static code analysis (mainly Java and J2EE applications, iOS and Android mobile apps) using HPE-MicroFocus Fortify SCA;
      - Dynamic code analysis and scanning for vulnerabilities using Burp Suite and OWASP ZAP;
      - Manual penetration tests on software products deployed on a test environment.
  • Development of recommendations for software developers for addressing the security flaws identified.
  • Optimization and automation of the audit process.
  • Configuration (creation of new rules) of SAST and DAST tools.

Skills

Must have
  • Understanding of architecture and working principles of modern web applications.
  • English level: Upper-Intermediate.
  • Higher education in IT.
  • Strong knowledge of basic concepts of information security.
  • Strong knowledge of defect types (CWE/SANS Top 25 Most Dangerous Software Errors), vulnerabilities, and information security risks in web and mobile applications (OWASP Top 10), as well as ways of detecting and mitigating them.
  • More than 2 years of working experience as an Application Security Engineer or in a similar position (Penetration testing, etc.).
  • Strong knowledge of programming languages (Java) and scripting languages (Python, PowerShell, Bash).

Nice to have
  • Relevant information security certifications: OSCP, CEH, OSWE.
  • Knowledge of/experience with international information security standards and personal data protection standards: ISO 27XXX, PCI DSS, GDPR, etc.
  • Knowledge of/experience with information security standards and frameworks: SAML, OAuth, WS-Security, X.509, JAAS, SSL/TLS, OpenSSO, OpenIAM, etc.
  • Experience in CTF or bug bounty programs.
  • Experience in web or mobile app development.

Languages

English: B2 Upper Intermediate

Seniority

Senior

Relocation package

If needed, we can help you with the relocation process.

Vacancy Specialization

Application Security

Ref Number

VR-75668

Luxoft


Job Detail

  • Job Id
    JD980481
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    George Town, Pulau Pinang, Malaysia
  • Education
    Not mentioned