This is a remote position.
DISCLAIMER: This job posting is intended for active pooling of candidates who will become part of our talent pool. Your qualifications will be assessed against both current and future job openings. Should your application align with a role that corresponds to your skills and experience, and an opportunity arises, our recruitment team will reach out to you immediately. Please note that this does not guarantee immediate placement or contact. Additionally, we exclusively consider applications from individuals who currently reside in the US/Canada during the application process.
Salary: $65,000 - $75,000 per annum
Experience Required: Minimum 1 year of project experience
What You'll Do:
- SDLC Security Champion: Collaborate within the SDLC process, analyzing security scanner results, refining security rules, and evaluating their effectiveness.
- Java Security Maestro: Analyze source code written in Java to identify and address potential security weaknesses.
- Penetration Testing Prowess: Conduct internal penetration tests to proactively discover and exploit vulnerabilities before malicious actors do.
- Container Security Guru: Delve into the workings of containerized applications, understanding their security implications and implementations.
- Vulnerability Remediation Expert: Prepare actionable recommendations for identified vulnerabilities, considering the specific technology stack and application design.
What We're Looking For:
- Proven experience with DAST tools (AFL, Fuzzing, Burp) including creating custom configurations.
- A track record of conducting penetration tests for virtualized infrastructure.
- Experience in mobile application security assessments.
- Strong programming skills in Java.
- Experience with container orchestration tools like Kubernetes (k8s) and Docker.
- Familiarity with network traffic analysis tools (Wireshark, etc.).
- A passion for automating routine security processes to improve efficiency.
- Solid understanding of modern software development methodologies (Agile, SDLC, DevOps, CI/CD).
- Excellent written and verbal communication skills (English B1, Russian B2+).
We'd love to see if you have:
- A successful track record of participating in Bug Bounty programs.
- Experience in Capture the Flag (CTF) competitions.
- Familiarity with OWASP resources like the Testing Guide, Code Review Guide, and Secure Coding Practices.
- Experience working with HashiCorp Vault for secure secrets management.
- Experience with network vulnerability scanners (Nessus, XSpider, MaxPatrol, etc.).