application security engineer
генерация резюме под вакансию
сопроводительное письмо
описание
The project focuses on enhancing product security capabilities within a modern, cloud-native environment, ensuring security is embedded early in the software development lifecycle to support scalable product delivery.
задачи
- Act as a security advocate for product owners and engineering teams;
- Perform web, backend, and mobile security assessments;
- Orchestrate and coordinate security testing activities including penetration testing;
- Participate in architecture and design discussions to ensure security is embedded from the start;
- Conduct threat modelling for new and existing features;
- Support and improve secure development practices across engineering teams;
- Integrate and enhance security tooling within CI/CD pipelines;
- Ensure adherence to Secure Development Lifecycle (SDLC) practices;
- Triage findings from tools, bug bounty programs, and security reports;
- Provide guidance on secure coding practices and vulnerability remediation;
- Balance security requirements with engineering productivity;
- Collaborate with internal teams and external vendors on security initiatives;
- Manage and reduce security backlog;
- Prevent backlog accumulation by handling incoming security requests;
- Correlate findings across multiple security tools and prioritize remediation efforts;
- Act as a security point of contact for specific product domains;
- Coordinate with external vendors for security testing and assessments;
- Provide practical and implementable security recommendations;
- Onboard and contribute with minimal ramp-up.
требования
- Experience in application security or product security roles;
- Hands-on experience with offensive security testing (e.g., Burp Suite, Nmap, Kali Linux);
- Strong understanding of web and/or mobile security;
- Experience working with cloud-native applications (preferably AWS);
- Solid knowledge of networking and operating systems;
- Experience with threat modelling and secure design practices;
- Basic programming knowledge (Python, JavaScript, Go, or similar);
- Ability to identify and remediate common vulnerabilities (e.g., SQL injection, XSS);
- Experience advising engineering teams on secure coding practices;
- Basic understanding of cloud environments and infrastructure concepts;
- Experience working in microservices-based architectures;
- Nice to have: Experience in fintech or regulated environments, ability to read and understand languages such as Java or C#, experience integrating security tools into CI/CD pipelines, exposure to AI-driven systems and modern architectures, understanding of vulnerability management platforms.
условия
- Vacation as per the laws of your country;
- Health insurance policy for you and your loved ones;
- Sick pay: 10 days without a doctor's note, afterwards as per the laws of your country;
- Time off for state holidays according to the official calendar;
- Two large corporate parties and many small get-togethers;
- Comfort service for solving technical and everyday problems at work.
навыки
Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.