Type of contract: Every type of contract
Location: Warsaw (fully remote)
Online recruitment
What will you do?
- Identify opportunities to automate and standardize application security controls and cooperate with the CI/CD team
- Analyze source code to mitigate identified weaknesses and vulnerabilities
- Create guidelines and application security standards
- Review and check automated security testing results
- Perform software architecture design reviews for both on-prem and cloud deployments
- Work with engineering teams to help architect and implement solutions that are secure by design
- Define, document, and supervise implementation of security guidelines and standards
- Build frameworks and libraries to provide security by default
What do you bring?
- 4+ years of full-time commercial application security experience
- 4+ years of experience in software development, ideally Java & JavaScript in a cloud environment
- Experience in architecting and building application security on modern tech stacks across multiple platforms (web, mobile, desktop)
- Prior experience in performing threat modelling and secure design reviews
- Familiarity with cloud services, their security best practices and secure design patterns, especially AWS
- Kubernetes and containerization security know-how
- Knowledge of common appsec vulnerabilities like OWASP Top 10 and cloud security gaps
- Knowledge of standards like OWASP Testing Guide, OWASP ASVS, NIST and SANS Top 20
- Proficiency in modern and common web stack technologies (HTTP, HTML5, AJAX, REST, ...)
- Understanding of basic cryptography (encryption, hashing, MACs, digital signatures, TLS, password storage) and how they are applied in web applications
- Knowledge of protocols (OAuth, SAML, OIDC), flows and best practices
- At least basic know-how in networks
Nice to have
- Application Security related certificates
- Cloud (Security) related certificates