• Performing penetration testing of web and mobile applications to identify security vulnerabilities
• Applying OWASP methodologies and best practices for web, mobile, and API security testing
• Creating comprehensive test reports, including technical details, proof-of-concept (PoC), risk assessment, and remediation recommendations for developers
• Conducting risk analysis, prioritizing vulnerabilities based on potential business impact, and providing actionable mitigation strategies
• Developing and executing attack scenarios simulating real-world cyber threats
• Testing API security and integrating automated security checks into the CI/CD pipeline
• Participating in internal security awareness training sessions to enhance the team’s cybersecurity expertise

• Monitoring security systems and identifying potential threats
• Analyzing and responding to information security incidents
• Performing vulnerability assessments, analyzing results, and providing recommendations
• Developing and implementing information security policies
• Updating and maintaining security systems
• Supporting antivirus protection, firewalls, and access control systems
• Training and advising staff on information security best practices
• Working with Privileged Access Management (PAM) systems
• Configuring and maintaining EDR/XDR solutions for endpoint protection
• Utilizing SIEM systems for security event monitoring and analysis
• Administering FortiMail for corporate email protection

• Conducting regular security scans of the external and internal perimeter of the Holding's network
• Manual processing of scan results, verification of detected vulnerabilities, reporting, Continuous Penetration Testing (CPT) vulnerability management, Threat Modelling
• Advising internal clients on system security projects. Interaction with IT engineers and developers on information security issues
• Participation in projects to automate and improve IS processes
• Implementation, change management and support of information systems used to ensure information security
• Work with documents (creation, updating of policies, regulations, presentation materials and reports)
• Development of methodologies and approaches based on freemiums and information security standards
• Monitoring and response to information security incidents, their analysis and mitigation

Monitoring, identification, and initial analysis of information security events. Response to cyber incidents. Quality control of data collection on information security events. Connecting sources to monitor information security events. Research/testing of the latest security systems.

Practical experience in implementation/administration/use of event monitoring and response to information security incidents Understanding of the purpose, scope, and typical use cases of information security systems (SIEM, IDS\IPS)

Experience with end device cyber protection tools (AV, EDR), firewalls (Firewall), security gateways (WEB Gateway, Email Gateway)

Main types of cyber attacks, tactics, techniques and procedures for their implementation (TTPs), methods and means of their detection/localization/counteraction technologies and principles of operation of group policy management tools (Active Directory) Fundamentally functioning of protocols and technologies (PSec, VPN. TLS, SSL, HTTPS. SSH, TACACS. Kerberos, Radius, Hash, PKI) information security standards CIS Controls v8, CSA Cloud Controls

Analysis and elaboration of business requirements (BR) and customer ideas, critical assessment of the BR - making proposals for the development and implementation of the BR. Development and maintenance of software in Java, according to technical tasks/development requests; participation in working groups on automation projects as an expert on the architecture of the company’s information environment. Primary testing of developed reports and programs; running programs on control data. Development and execution of accompanying technical documentation. Research and implementation of advanced promising software technologies.

• Development using Spring Framework (MVC, Security, Dependency Injection, AOP,
• REST, JDBC/JPA/JMS/EJB Support), Apache Camel
• Experience with IntelliJ IDEA, NetBeans, or Eclipse
• Knowledge of HTML/CSS/JS/XML/JSON Experience with DBMS at the SQL level
• Basic principles of relational DBMS (Hibernate)
• Work on GIT/SVN Experience in integration with Microsoft Office and Office 365 products