Senior Application Security Engineer
Epam
Kyiv, Ukraine
2 days ago

DESCRIPTION

Our customer provides comprehensive workers' compensation healthcare solutions.

In this position, you will be responsible for onboarding and maintaining vulnerabilities discovered via scanning tools and manual reviews.

Responsibilities

  • Assist in evaluating, planning, configuration, and implementation of new / existing security applications / tools
  • Systematically address application security issues and develop secure coding practices for multiple development teams
  • Integrate authentication, encryption, authorization, and access control into applications
  • Provide mitigation strategies for applications from a secure coding perspective
  • Utilize application security scanning tools such as Burp Suite / Fortify to interpret reports and validate identified vulnerabilities and associated risks
  • Utilize source code scanning tools to help application development teams apply application security best practices and catch potential vulnerabilities at an early stage
  • Proactively work with team members to address security and compliance issues
  • Provide education and assistance to application developers in applying the Security Software Development Life Cycle
  • Collaborate with development teams to prioritize and remediate vulnerabilities throughout the application lifecycle

Requirements

  • 5+ years of web development experience
  • 2+ years of .NET C# web development experience on Azure
  • 1+ year of application security experience
  • Proven experience in Static and / or Dynamic Application Security Testing
  • Familiarity with BSIMM, OWASP SAMM and / or OWASP ASVS would be a plus
  • Experience or familiarity with CI / CD pipelines and Agile environments would be a plus
  • Good understanding of the OWASP Top 10 Risks & Controls, and the SANS Top 25 Software Errors
  • Strong knowledge of applications hosted in the Amazon Web Services (AWS), Google (GCP) or Microsoft Azure clouds
  • Ability to demonstrate effective application vulnerability and penetration-testing skills, including Injection, XSS, and XXE attacks in web applications (nice to have)
  • Ability to demonstrate effective skill with dynamic and static analysis tools and in software engineering principles, frameworks, and technologies
  • Ability to advise other engineers on application security best practices
  • Upper-Intermediate or higher English level, both spoken and written (B1+)

We offer

  • Competitive compensation depending on experience and skills
  • Individual career path
  • Social package - medical insurance, sports
  • Unlimited access to LinkedIn learning solutions
  • Compensation for sick leave and regular vacations
  • English classes with certified English teachers
  • Flexible work hours