Application Security Engineer (Remote)
  • Ukraine
  • PMI
Posted 1 year ago
31.01.2024
Oversee and Govern
Cybersecurity Management
Job Description

We Invite Those Who Are Fired Up To

• Integrate (together with the Head of Engineering) a security culture into the value stream's SDLC process;
• Perform penetration testing activities (periodically and as part of the SDLC);
• Analyze value stream activities and projects from a security perspective;
• Monitor engineering and delivery processes and suggest security improvements;
• Report to the Head of Engineering on the security state of the value stream;
• Coordinate work with the IT security team;
• Implement new security technologies and techniques in the value stream;
• Add new security controls (e.g. SAST, SCA, secret scanning) to the CI/CD pipeline;
• Monitor the CI/CD pipeline for newly detected security vulnerabilities in services;
• Fix (or help fix) security vulnerabilities in the stream's product services.

Essential Professional Experience

• 2+ years' experience as an Application Security engineer/DevSecOps engineer;
• Experience in security architecture review and threat modeling of complex systems;
• A clear understanding of the Secure Software Development Life Cycle, its processes, and its tools;
• Experience with modern DevOps practices and tools;
• Experience implementing, configuring, maintaining and automating a security tool stack for CI/CD;
• Understanding of web application architecture, operating systems, cloud architecture, and containerization;
• Experience with cloud services (at least one of AWS, Azure, GCP);
• Strong familiarity with application security concepts and standards (OWASP documentation);
• Scripting experience (Python) for automating daily tasks;
• Experience in a scripting/coding language such as Python, PHP, React.js, .NET Core, or Node.js;
• Ability to apply modern Application Security methodologies and frameworks;
• Understanding of security compliance standards (PCI DSS, SOC 2);
• English: Upper-Intermediate.

Required Knowledge
  • K0261   Knowledge of Payment Card Industry (PCI) data security standards.
  • K0246   Knowledge of relevant concepts, procedures, software, equipment, and technology applications.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0076   Knowledge of server administration and systems engineering theories, concepts, and methods.
  • K0087   Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • K0090   Knowledge of system life cycle management principles, including software security and usability.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
  • K0009   Knowledge of application vulnerabilities.

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0138   Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).

Required Abilities
  • A0161  Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
  • A0177  Ability to recognize the unique aspects of the Communications Security (COMSEC) environment and hierarchy.