Application Security Consultant
Epam
Kharkiv, Ukraine
5 днів тому

DESCRIPTION

As an Application Security Consultant you will be responsible for leading the team that will implement Application Security program on, establishing secure SDLC process and secure architecture.

Responsibilities

  • Lead and coordinate Security Audits for on-going projects : (from Architecture, Process, Risk and Testing etc.)
  • Work as a Security Consultant helping to establish secure development activities in SDLC end-to-end, be able to provide clarifications related to security in development
  • Perform Application Security Trainings for Development Teams
  • Contribute to building Secure Architecture and Design for the projects
  • Communicate with customers and teams, be able to convey the message about importance of Secure Software development Life Cycle, the ways of establishing it
  • Cooperate with all sub-teams : BAs, Developers, Qas; build consistent understanding of Security Requirements, main Threats, Mitigations implemented
  • Be able to communicate and coordinate work with other Security Teams - Infrastructure Security Experts, Penetration Testers
  • Requirements

  • 3+ years of professional experience in the field of Software Development
  • Passion to develop in the field of Security
  • Understanding of at least one Security Development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM etc.)
  • Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Threat Modeling, Security Code Review
  • Understanding of security threats, their classification
  • Understanding of most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS etc.
  • and how they match the general classification

  • Understanding of main security concepts and principles
  • Understanding of main areas of protection and levels of defense
  • Nice to have

  • Familiarity with the tools for various security activities : Static Code Analysis, Pen Testing, Intrusion Detection / Prevention etc
  • Knowledge of Security Features and Mechanisms provided by at least one OS and development platform / technologies
  • Understanding of mitigation mechanisms for every type of threats
  • Familiarity with existing security standards and regulations experience of requirements implementation
  • Understanding of basic principles of infrastructure security and penetration testing
  • Ability to use the tools to perform actual attacks is a plus
  • Certification in any security area is a plus
  • We offer

  • Competitive compensation depending on experience and skills
  • Individual career path
  • Unlimited access to LinkedIn learning solutions
  • Social package - medical insurance, sports
  • Compensation for sick lists and regular vacations
  • English classes with native speakers (certified English teachers)
  • Flexible work hours
  • Повідомте про це
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Надіслати заяву
    Моя електронна адреса
    Клацнувши по кнопці "# кнопка", я даю згоду neuvoo на обробку моїх даних та надсилання сповіщень електронною поштою, як це детально описано в Політиці конфіденційності neuvoo. Я можу будь-коли відкликати свою згоду або скасувати підписку.
    Продовжити
    Заява