- Knowledge of programming languages (Java/PHP/JS);
- Experience with Application Security Testing (SAST, DAST, SCA, etc.);
- Experience in Security Software Development Life Cycle (SSDLC);
- Experience with application security tools like SonarQube, Veracode, Acunetix, Burp Suite, OWASP ZAP, Metasploit, etc.;
- Experience with OWASP Software Assurance Maturity Model (SAMM);
- Experience in implementation and assessment of OWASP ASVS;
- Experience in threat modeling and business impact analysis;
- Knowledge of OWASP TOP 10;
- Knowledge of PCI-DSS;
- Knowledge of GDPR;
- Experience with AWS.
Will be a plus:
- Participation in bug bounty programs and security research;
- Certifications in Security;
- Team Leading.
- Serve as the subject matter expert for application security, providing guidance to Engineering and Product teams.
- Develop secure system design and secure coding recommendations.
- Design and implement SSDLC practices including automated and manual security tests, code review, etc.
- Integrate security controls in CI/CD and operational pipelines.
- Check source code and test web applications and APIs for vulnerabilities.
- Review software and infrastructure from a security point of view at all stages of the software development lifecycle.
- Manage the product bug bounty and drive different program initiatives.
What we offer:
- Cozy and roomy office space;
- Full-time position, flexible work schedule;
- Formal employment, full social package;
- Salary based on the job interview;
- Friendly team members and open-to-everyone working environment;
- English language courses;
- Gym and fitness classes for employees.