Application security engineer

НВП ЄНАМІН, ТОВ
20 hours ago
18 September 2024
Kyiv, Winston Churchill Street, 67
Remote work
Full-time
Company shuttle / company car
Bonuses
Office near the metro
Office with a bomb shelter

Enamine is one of the major chemical R&D product and service providers for the world pharma and agro-industry. We have a well-developed IT landscape, which includes both out-of-the-box systems purchased from leading IT solutions suppliers and our own in-house software and specific chemical products. As part of a strategic IT improvement initiative, we are looking for an Application security engineer.

Functional responsibilities:

  • Provide guidance on secure software development at all stages of the SDLC, including architecture and design reviews prior to the start of development.
  • Create and maintain SSDLC documentation.
  • Evaluate and maintain SAST and DAST tools for automated scanning.
  • Provide guidance on secure coding practices and conduct thorough code reviews, guiding the development team in addressing potential security issues.
  • Perform security assessment and review of code and behavior of systems (web, API, backends). Perform risk analysis and threat modelling.
  • Assist the other members of the security team during the testing development process.
  • Stay up to date with emerging security threats, vulnerabilities, and controls (read articles and papers, follow CVE updates, understand how the threat landscape is changing, understand how to apply described ideas, read NIST guidelines).
  • Develop and support software environment security.

NECESSARY SKILLS:

  • Be familiar with application security verification and software maturity frameworks: OWASP SAMM, OWASP ASVS, OWASP MASVS.
  • Understanding SSDLC and its difficulties. OWASP SSDLC, NIST SSDF.
  • Experience in performing security assessment for web apps.
  • Experience designing and implementing security processes and security controls in a technically diverse environment.
  • Communication skills: you will communicate about security technical topics with both technical and non-technical audiences.
  • Experience with the popular security tools required for the job, or the ability to learn them quickly (Burp Suite, network analysers, various SAST and DAST, dependency and vulnerability scanners).

WE OFFER:

  • Competitive compensation depending on experience and skills.
  • Flexible working hours.
  • Comprehensive benefits package including sick leave, annual vacation, medical insurance and sports compensation.
  • Individual annual education budget.
  • Friendly working environment.
  • English language courses.
  • Convenient office location.
  • Dental services and therapeutic massage in the office.
