Вакансия Senior Security Engineer

Key Responsibilities:

• Perform application and infrastructure penetration tests, as well as social engineering tests for our global clients
• Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
• Participate in Security Assessments of networks, systems, and applications
• Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets

Requirements:

• Good understanding of network protocols, design, and operations
• Good understanding of different OS (Windows/Linux/Android/iOS/MacOS etc.) features
• Good understanding of web application security issues (e.g. OWASP Top 10)
• Familiarity with different web technology stacks and frameworks from the security perspective (Java/JBoss/Apache Sling/.NET/RoR/IBM Web Sphere etc.)
• Familiarity with any scripting language (Python, Ruby or other)
• Previous experience in penetration testing and security assessments
• At least 2 years of experience in the industry

Tools and Technologies:

• Security testing key security threats from OWASP Top 10/SANS 25: SQLi, XSS, CSRF, Fuzzing, etc.
• Kali, Backtrack, FreeBSD, CentOS, Windows
• OS virtualization: VMWare, VMware Workstation, Virtual Box
• Sniffing, Spoofing, Network troubleshooting (tcpdump, WireShark)
• Android or IOS application security (OWASP Moblie Top 10, JADX, dex2jar, peda)
• Burp Suite, OWASP ZAP proxy
• Metasploit, Armitage
• Nessus, OpenVAS
• Acunetix, Nikto
• Testssl, ssltest, sslyze
• Nmap, netcat
• Security SDLC
• Static and Dynamic Security Testing methodology

As a Plus:

• CISSP, CISA, CEH, OSCP or other information security certifications
• Previous experience in securing products according to PCI, HIPPA, GDPR, or other compliances
• Experience with various commercial security tools and products (Fortify, AppScan, Checkmarx, etc.)
• Good understanding of the components of a secure DLC/SDLC
• Vulnerability analysis and application reversing skills
• Understanding of cryptography principles