security engineer
генерация резюме под вакансию
сопроводительное письмо
описание
Xsolla is a global commerce company providing tools and services to help video game developers fund, distribute, market, and monetize their games. The company acts as a merchant of record, supporting creators from indie studios to AAA companies in reaching players worldwide.
задачи
- Triage security findings by assessing bug bounty reports and scanner results;
- Evaluate the validity and severity of security issues and provide written summaries;
- Participate in security assessments of web applications and APIs;
- Document risks, reproduction steps, and remediation guidance for engineering teams;
- Participate in threat modeling sessions to identify trust boundaries and attack surfaces;
- Operate SAST, DAST, and dependency scanning tools;
- Track security findings and support remediation workflows;
- Review code for common vulnerability classes under the guidance of senior specialists;
- Monitor developments in the security community and track new CVEs and attack techniques.
требования
- Solid understanding of OWASP Top 10, CSRF, XSS, IDOR, SQL injection, and authentication weaknesses;
- Knowledge of web fundamentals including HTTP, REST APIs, client-server models, and browser security mechanisms;
- Hands-on experience with Burp Suite or similar web application security testing tools;
- Ability to document vulnerabilities with clear reproduction steps and impact statements;
- Familiarity with secure coding concepts like input validation and least privilege;
- Ability to read and follow logic in PHP, Python, JavaScript, or Go codebases;
- Strong analytical and methodical problem-solving skills;
- Precise written communication skills;
- Nice to have: Participation in bug bounty programs or CTF competitions, basic scripting in Python or Bash, familiarity with CI/CD pipelines, exposure to GCP/AWS/Azure, relevant certifications like eWPT, CEH, or PortSwigger Web Security Academy progress.
условия
- No conditions specified
навыки
Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.