Application Security Engineer

  • Warszawa
  • 8000 - 14000 PLN netto

Opis

As our Application Security Engineer you will be responsible for:

  • Develop secure system design and secure coding recommendations;
  • Design and implement SDLC practices including code reviews, static/dynamic code analysis, and vulnerability assessments;
  • Serve as the subject matter expert for application security, providing guidance to Engineering and Product teams;
  • Actively participate in the “security champions” initiative and provide deep security training to engineering teams;
  • Perform routine internal penetration testing and code reviews of our web application (including preparation of PoC’s and documenting the outcomes with recommended mitigations);
  • Mentoring Software Engineers on Security Best Practices and Awareness;
  • Collaborate with Development teams on mitigations of Application vulnerabilities;
  • Integrate static and dynamic security testing tools in CI/CD pipelines;
  • Create, maintain and manage tools to support security testing and monitoring;
  • Be the first response and remediation for Security-related incidents;
  • Integrate a proactive approach to security in a dynamic development environment;
  • Cooperate efficiently in a team, understanding other teams needs and our business;
  • Actively improve and update professional skills through continued learning;
  • Own the problem, take advantage of the ability to make your own decisions and also take responsibility end to end.

 

Requirements

  • You’re familiar with the specifics of security in consumer-facing applications;
  • Extensive knowledge of internet security issues and technical aspects of security;
  • Strong coding experience, preferably in PHP/JS (node.js+angular);
  • Familiarity with security tools for DAST, SAST, and IAST analysis;
  • Proven Pentesting experience;
  • Excellent communication abilities;
  • Good command of English;
  • At least one year of solid experience after graduation.

 

Nice to have:

  • Experience with designing and debugging complex systems;
  • Track record of shipped projects. Ideally in a similar domain (such as high scale, reliable 24/7, SaaS);
  • Solid understanding of container security is appreciated;
  • Experience with Google Cloud Platform (or other cloud platforms);
  • Contributions to the security community (participation in bug bounty programs, public research, blogging, presentations, etc).

 

Benefits

  • Work in a real startup from the Silicon Valley where your ideas matter and where you can have real influence on our products
  • Office located in city center, near the M2 metro line
  • Shared equity ownership
  • Work in an environment of transparency with lots of exposure to senior management
  • Yearly conference/workshop budget
  • Flexible working hours
  • Social room filled with snacks, fresh fruits and table football
  • Multisport card, private health insurance and group life insurance
  • Team lunches and breakfasts once a week
  • Frequent company events

 

Instapage czytaj więcej

Application Security Engineer

  • Warszawa
  • 8000 - 14000 PLN netto
  • JavaScript
  • Dowolny rodzaj zatrudnienia
  • Dodano 19 dni temu
Aplikuj teraz

Wymagania

  • JavaScript (Node.js + Angular 2+)
  • PHP
  • DAST/SAST/IAST
  • Pentesting

Opis

As our Application Security Engineer you will be responsible for:

  • Develop secure system design and secure coding recommendations;
  • Design and implement SDLC practices including code reviews, static/dynamic code analysis, and vulnerability assessments;
  • Serve as the subject matter expert for application security, providing guidance to Engineering and Product teams;
  • Actively participate in the “security champions” initiative and provide deep security training to engineering teams;
  • Perform routine internal penetration testing and code reviews of our web application (including preparation of PoC’s and documenting the outcomes with recommended mitigations);
  • Mentoring Software Engineers on Security Best Practices and Awareness;
  • Collaborate with Development teams on mitigations of Application vulnerabilities;
  • Integrate static and dynamic security testing tools in CI/CD pipelines;
  • Create, maintain and manage tools to support security testing and monitoring;
  • Be the first response and remediation for Security-related incidents;
  • Integrate a proactive approach to security in a dynamic development environment;
  • Cooperate efficiently in a team, understanding other teams needs and our business;
  • Actively improve and update professional skills through continued learning;
  • Own the problem, take advantage of the ability to make your own decisions and also take responsibility end to end.

 

Requirements

  • You’re familiar with the specifics of security in consumer-facing applications;
  • Extensive knowledge of internet security issues and technical aspects of security;
  • Strong coding experience, preferably in PHP/JS (node.js+angular);
  • Familiarity with security tools for DAST, SAST, and IAST analysis;
  • Proven Pentesting experience;
  • Excellent communication abilities;
  • Good command of English;
  • At least one year of solid experience after graduation.

 

Nice to have:

  • Experience with designing and debugging complex systems;
  • Track record of shipped projects. Ideally in a similar domain (such as high scale, reliable 24/7, SaaS);
  • Solid understanding of container security is appreciated;
  • Experience with Google Cloud Platform (or other cloud platforms);
  • Contributions to the security community (participation in bug bounty programs, public research, blogging, presentations, etc).

 

Benefits

  • Work in a real startup from the Silicon Valley where your ideas matter and where you can have real influence on our products
  • Office located in city center, near the M2 metro line
  • Shared equity ownership
  • Work in an environment of transparency with lots of exposure to senior management
  • Yearly conference/workshop budget
  • Flexible working hours
  • Social room filled with snacks, fresh fruits and table football
  • Multisport card, private health insurance and group life insurance
  • Team lunches and breakfasts once a week
  • Frequent company events

 

Formularz zgłoszeniowy

Super! Twoje CV zostało wysłane do rekrutera, o postępach powiadomimy Cię wiadomością e-mail

Dodaj CV (.pdf)
Informujemy, że administratorem danych jest Instapage Poland Sp. z o.o. z siedzibą w Białystok, Aleja Józefa Piłsudskiego 6/1 (dalej jako "administrator"). Masz prawo do żądania dostępu do swoich danych osobowych, ich sprostowania, usunięcia lub ograniczenia przetwarzania, prawo do wniesienia sprzeciwu wobec przetwarzania, a także prawo do przenoszenia danych oraz wniesienia skargi do organu nadzorczego. Dane osobowe przetwarzane będą w celu realizacji procesu rekrutacji. Podanie danych w zakresie wynikającym z ustawy z dnia 26 czerwca 1974 r. Kodeks pracy jest obowiązkowe. W pozostałym zakresie podanie danych jest dobrowolne. Odmowa podania danych obowiązkowych może skutkować brakiem możliwości przeprowadzenia procesu rekrutacji. Administrator przetwarza dane obowiązkowe na podstawie ciążącego na nim obowiązku prawnego, zaś w zakresie danych dodatkowych podstawą przetwarzania jest zgoda. Dane osobowe będą przetwarzane do czasu zakończenia postępowania rekrutacyjnego i przez okres możliwości dochodzenia ewentualnych roszczeń, a w przypadku wyrażenia zgody na udział w przyszłych postępowaniach rekrutacyjnych - do czasu wycofania tej zgody. Zgoda na przetwarzanie danych osobowych może zostać wycofana w dowolnym momencie. Odbiorcą danych jest Serwis JarJobs.com oraz inne podmioty, którym powierzyliśmy przetwarzanie danych w związku z rekrutacją. rozwiń keyboard_arrow_down