application security engineer
генерация резюме под вакансию
сопроводительное письмо
описание
Salmon Group Ltd operates a mobile banking platform, payment systems, and a range of regulated financial products. The organization focuses on delivering secure digital banking services while managing complex regulatory requirements and infrastructure security.
задачи
- Identify high-risk systems, data flows, and product changes to prioritize security efforts;
- Decide on security gates for releases and justify decisions to engineering and the CISO;
- Maintain a risk register for application-layer exposures;
- Integrate security controls into the product delivery process;
- Conduct threat modeling for product changes before design finalization;
- Build and maintain a mobile security testing baseline;
- Assess and optimize CI/CD pipeline security tools to improve signal-to-noise ratio;
- Manage supply chain security including dependency pinning, SBOM, and internal registries;
- Handle secrets detection and remediation end-to-end;
- Translate application security gaps into documentation for regulatory examiners;
- Coordinate security requirements for new product launches across the group and bank structure.
требования
- 7+ Years of experience in application security with technical and process ownership;
- Proven experience building or improving secure SDLC in fast-moving product organizations;
- Experience running threat modeling on product features and influencing design;
- End-to-end vulnerability management experience including triage, remediation, and risk acceptance;
- Hands-on mobile security testing experience for iOS or Android in production;
- Deep understanding of modern supply chain attack vectors and mitigation strategies;
- Proficiency in Python or Bash for security automation;
- Strong written English for async communication;
- Ability to explain security issues to both technical and non-technical stakeholders;
- Nice to have: Experience in a regulated environment, familiarity with PCI-DSS, ISO 27001, or BSP MORB, certifications such as OSCP, GWEB, GWAPT, or CSSLP.
условия
- No conditions specified
навыки
Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.