сегодня

application security engineer

выше рынка на 15,0%
вакансия 273 024 ₽
в среднем 237 504 ₽
Загрузи резюме, чтобы видеть мэтчи с вакансией

генерация резюме под вакансию

Загрузи резюме в профиль, чтобы сгенерировать временное CV под эту вакансию

сопроводительное письмо

Загрузи резюме в профиль, а нейросеть определит твою категорию. Затем ты сможешь генерировать сопроводительные письма для вакансий этой категории

описание

Devexperts provides consulting and software development services for the global financial industry, solving complex technological challenges for financial institutions.

задачи

  • Conduct regular security assessments of applications, including code reviews, static/dynamic analysis, and penetration testing;
  • Collaborate with development teams to design and implement security controls and integrate security into the software development lifecycle (SDLC);
  • Lead and participate in the identification and remediation of security vulnerabilities in applications, APIs, and third-party services;
  • Provide security guidance on secure coding practices, threat modeling, and vulnerability management to development teams;
  • Implement and enforce security best practices for secure coding, API security, and encryption across application architectures;
  • Stay up-to-date with the latest security threats, vulnerabilities, and trends;
  • Develop and maintain automated security testing tools, frameworks, and processes for continuous security integration within CI/CD pipelines;
  • Support risk assessments and threat modeling for new and existing applications;
  • Participate in incident response activities related to application security;
  • Create and deliver security training and awareness programs for developers;
  • Support vulnerability management and remediation efforts;
  • Ensure compliance with internal security standards and external regulatory requirements (e.g., GDPR, PCI-DSS, HIPAA);
  • Collaborate with cross-functional teams, including DevOps, infrastructure, and security operations.

требования

  • Bachelor’s degree in Computer Science, Information Security, Software Engineering, or a related field;
  • Over 3 years of hands-on experience in application security, focusing on web applications, APIs, and cloud-based environments;
  • Proficiency with application security tools such as SAST, DAST, vulnerability scanners, and penetration testing tools;
  • Knowledge of secure coding practices and frameworks like OWASP and NIST;
  • Familiarity with common vulnerabilities and mitigation strategies;
  • Experience with source code analysis, including manual and automated code reviews;
  • Experience working in a DevOps or Agile development environment;
  • Understanding of web application security, including session management, access control, and authentication;
  • Proficiency in at least one programming language (e.g., Python, Java, JavaScript, Ruby);
  • Strong knowledge of networking concepts, HTTP/HTTPS, web servers, and security protocols;
  • Excellent problem-solving and analytical skills;
  • Strong communication skills for collaborating with stakeholders;
  • Nice to have: Certifications such as CEH, CSSLP, GWAPT, CASE, OSWE, experience with cloud platforms (AWS, Azure, GCP), familiarity with threat modeling techniques, experience with CI/CD and DevSecOps, knowledge of container security and microservices, experience with SonarQube or Veracode.

условия

  • 24 Working days of paid vacation;
  • 3 Additional wellness days per year;
  • VIP medical insurance;
  • FitPass access for sports;
  • Office meals, free drinks, and snacks;
  • Teambuilding activities, corporate parties, and various clubs (football, billiard, speakers);
  • Access to conferences, professional fairs, and personal branding support;
  • Georgian language courses, unlimited access to self-learning platforms, certification opportunities, and mentorship program;
  • Parental and referral bonuses, gifts for employees and children, and paid blood donation leave.

Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.

прозрачные зарплаты в IT

Анонимные данные по зарплатам и грейдам

Посмотреть
График динамики зарплат
Откликнуться Добавить в трекер

Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.