Application security analyst (1 year experience, hybrid)
Be part of our future! This job posting builds our talent pool for potential future openings. We'll compare your skills and experience against both current and future needs. If there's a match, we'll contact you directly. No guarantee of immediate placement, and we only consider applications from US/Canada residents during the application process.
Hiring Type: Full-Time
Base Salary: $57K-$67K Per Annum.
Tasks
- Tasks within the SDLC process: analysis of analyzer results, rule refinement, evaluation of their effectiveness;
- Source code analysis of applications in Java;
- Conducting internal penetration tests;
- Diving into the workings of containerized applications, understanding their implementations;
- Preparing recommendations for identified vulnerabilities, taking into account the specifics of the technological stack and implementations.
Requirements
- Experience with DAST (AFL, Fuzzing, Burp), including creating custom “farms”;
- Experience in conducting pen tests for virtualized infrastructure;
- Experience in analyzing mobile applications;
- Programming skills in Java;
- Experience with k8s, Docker;
- Experience with traffic analyzers (Wireshark, etc.);
- Experience in automating routine security processes;
- Understanding of modern software development processes and practices: Agile, SDLC, DevOps, CI/CD;
- Competent written and verbal communication skills (English B1, Russian B2+);
- Successful participation in Bug Bounty programs;
- CTF experience;
- Familiarity with OWASP Testing Guide, OWASP Code Review Guide, OWASP Secure Coding Practices;
- Experience working with and supporting HashiCorp Vault;
- Experience with network vulnerability scanners (Sureness, XSpider, MaxPatrol, etc.).