application security engineer
генерация резюме под вакансию
сопроводительное письмо
описание
Devexperts provides consulting and software development services for the global financial industry, solving complex technological challenges for financial institutions.
задачи
- Conduct regular security assessments of applications, including code reviews, static/dynamic analysis, and penetration testing;
- Collaborate with development teams to design and implement security controls and integrate security into the software development lifecycle (SDLC);
- Lead and participate in the identification and remediation of security vulnerabilities in applications, APIs, and third-party services;
- Provide security guidance on secure coding practices, threat modeling, and vulnerability management to development teams;
- Implement and enforce security best practices for secure coding, API security, and encryption across application architectures;
- Stay up-to-date with the latest security threats, vulnerabilities, and trends;
- Develop and maintain automated security testing tools, frameworks, and processes for continuous security integration within CI/CD pipelines;
- Support risk assessments and threat modeling for new and existing applications;
- Participate in incident response activities related to application security;
- Create and deliver security training and awareness programs for developers;
- Support vulnerability management and remediation efforts;
- Ensure compliance with internal security standards and external regulatory requirements (e.g., GDPR, PCI-DSS, HIPAA);
- Collaborate with cross-functional teams, including DevOps, infrastructure, and security operations.
требования
- Bachelor’s degree in Computer Science, Information Security, Software Engineering, or a related field;
- Over 3 years of hands-on experience in application security, focusing on web applications, APIs, and cloud-based environments;
- Proficiency with application security tools such as SAST, DAST, vulnerability scanners, and penetration testing tools;
- Knowledge of secure coding practices and frameworks like OWASP and NIST;
- Familiarity with common vulnerabilities and mitigation strategies;
- Experience with source code analysis, including manual and automated code reviews;
- Experience working in a DevOps or Agile development environment;
- Understanding of web application security, including session management, access control, and authentication;
- Proficiency in at least one programming language (e.g., Python, Java, JavaScript, Ruby);
- Strong knowledge of networking concepts, HTTP/HTTPS, web servers, and security protocols;
- Excellent problem-solving and analytical skills;
- Strong communication skills for collaborating with stakeholders;
- Nice to have: Certifications such as CEH, CSSLP, GWAPT, CASE, OSWE, experience with cloud platforms (AWS, Azure, GCP), familiarity with threat modeling techniques, experience with CI/CD and DevSecOps, knowledge of container security and microservices, experience with SonarQube or Veracode.
условия
- 24 Working days of paid vacation;
- 3 Additional wellness days per year;
- VIP medical insurance;
- FitPass access for sports;
- Office meals, free drinks, and snacks;
- Teambuilding activities, corporate parties, and various clubs (football, billiard, speakers);
- Access to conferences, professional fairs, and personal branding support;
- Georgian language courses, unlimited access to self-learning platforms, certification opportunities, and mentorship program;
- Parental and referral bonuses, gifts for employees and children, and paid blood donation leave.
навыки
Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.