appsec engineer
генерация резюме под вакансию
сопроводительное письмо
описание
CoinsPaid is a fintech company that builds blockchain payment infrastructure for the global economy. It designs, implements, and scales payment systems that connect digital assets with real-world financial operations to help businesses and financial institutions operate efficiently.
задачи
- Support and continuously improve the company's Vulnerability Management process;
- Perform vulnerability triage, risk assessment, prioritization, and remediation tracking;
- Work with engineering teams to ensure timely remediation of identified vulnerabilities;
- Analyze findings from multiple security tools and sources and reduce noise through effective prioritization;
- Monitor vulnerability remediation SLAs and provide visibility into security posture through reporting and metrics;
- Participate in threat modeling activities for new systems, services, and significant architectural changes;
- Conduct security risk assessments and provide actionable recommendations;
- Define and maintain application security requirements in collaboration with engineering teams;
- Support Secure SDLC initiatives and help integrate security practices into development workflows;
- Provide guidance to developers and DevOps engineers on vulnerability remediation and secure design practices.
требования
- 4+ Years of experience in Application Security, Product Security, Vulnerability Management, or a related security discipline;
- Hands-on experience managing and prioritizing vulnerabilities across applications, infrastructure, containers, and cloud environments;
- Strong understanding of OWASP Top 10, CWE, CVSS, EPSS, MITRE ATT&CK, and risk-based vulnerability management approaches;
- Experience with security testing technologies such as SAST, DAST, SCA, Container Security, and Cloud Security tools;
- Experience conducting threat modeling and security risk assessments;
- Understanding of modern software development practices and CI/CD pipelines;
- Familiarity with Kubernetes and cloud platforms (AWS, GCP, or Azure);
- Ability to analyze security findings and make risk-based remediation recommendations;
- Strong stakeholder management and communication skills;
- Nice to have: Relevant professional certifications, experience in fintech or blockchain domains.
условия
- Flexible monthly budget of up to €230 for sports, mental health, coworking, home office, or medical expenses;
- Budget for courses, certifications, and professional development;
- Language learning support;
- Medical insurance or reimbursement depending on location;
- Access to mental health support;
- Financial support for important life events;
- Merch shop with rewards system;
- Team offsites and company events;
- Office role with relocation support.
навыки
Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.