сегодня

application security engineer

ориентир по рынку
вакансия зп не указана
в среднем 327 250 ₽
Загрузи резюме, чтобы видеть мэтчи с вакансией

генерация резюме под вакансию

Загрузи резюме в профиль, чтобы сгенерировать временное CV под эту вакансию

сопроводительное письмо

Загрузи резюме в профиль, а нейросеть определит твою категорию. Затем ты сможешь генерировать сопроводительные письма для вакансий этой категории

описание

The project focuses on enhancing product security capabilities within a modern, cloud-native environment, ensuring security is embedded early in the software development lifecycle to support scalable product delivery.

задачи

  • Act as a security advocate for product owners and engineering teams;
  • Perform web, backend, and mobile security assessments;
  • Orchestrate and coordinate security testing activities including penetration testing;
  • Participate in architecture and design discussions to ensure security is embedded from the start;
  • Conduct threat modelling for new and existing features;
  • Support and improve secure development practices across engineering teams;
  • Integrate and enhance security tooling within CI/CD pipelines;
  • Ensure adherence to Secure Development Lifecycle (SDLC) practices;
  • Triage findings from tools, bug bounty programs, and security reports;
  • Provide guidance on secure coding practices and vulnerability remediation;
  • Balance security requirements with engineering productivity;
  • Collaborate with internal teams and external vendors on security initiatives;
  • Manage and reduce security backlog;
  • Prevent backlog accumulation by handling incoming security requests;
  • Correlate findings across multiple security tools and prioritize remediation efforts;
  • Act as a security point of contact for specific product domains;
  • Coordinate with external vendors for security testing and assessments;
  • Provide practical and implementable security recommendations;
  • Onboard and contribute with minimal ramp-up.

требования

  • Experience in application security or product security roles;
  • Hands-on experience with offensive security testing (e.g., Burp Suite, Nmap, Kali Linux);
  • Strong understanding of web and/or mobile security;
  • Experience working with cloud-native applications (preferably AWS);
  • Solid knowledge of networking and operating systems;
  • Experience with threat modelling and secure design practices;
  • Basic programming knowledge (Python, JavaScript, Go, or similar);
  • Ability to identify and remediate common vulnerabilities (e.g., SQL injection, XSS);
  • Experience advising engineering teams on secure coding practices;
  • Basic understanding of cloud environments and infrastructure concepts;
  • Experience working in microservices-based architectures;
  • Nice to have: Experience in fintech or regulated environments, ability to read and understand languages such as Java or C#, experience integrating security tools into CI/CD pipelines, exposure to AI-driven systems and modern architectures, understanding of vulnerability management platforms.

условия

  • Vacation as per the laws of your country;
  • Health insurance policy for you and your loved ones;
  • Sick pay: 10 days without a doctor's note, afterwards as per the laws of your country;
  • Time off for state holidays according to the official calendar;
  • Two large corporate parties and many small get-togethers;
  • Comfort service for solving technical and everyday problems at work.

Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.

прозрачные зарплаты в IT

Анонимные данные по зарплатам и грейдам

Посмотреть
График динамики зарплат
Откликнуться Добавить в трекер

Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.