Application Security Engineer/Architect

Minsk, Belarus

Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists; we are experts.

DESCRIPTION


Currently we are looking for an Application Security Engineer/Architect for our Minsk office to make the team even stronger.

As an Application Security Engineer, you will be responsible for increasing Security Awareness among Project Teams and driving security activities through the entire SDLC.

The candidate is expected to work at our Minsk office, but candidates from other regions of Belarus can be considered as well, and relocation to Minsk is supported.

Responsibilities

  • Review Secure Design (Threat Model) for all new development projects;
  • Run application security scans of source code for all products and platforms;
  • Consult on all 3rd-party Application Security Penetration Testing;
  • Consult on vulnerability response process, impact assessments and remediation plans;
  • Recommend design and code changes to meet product security objectives and remedy security findings;
  • Perform unit tests if needed to verify a remediation or provide a proof of concept as evidence of a vulnerability.

Requirements

  • Experience with our technology stack: Windows .NET clients, Objective-C on Mac OS X and iOS, Java Android Client, .NET ASPX server, Play-Scala, MS-SQL;
  • Security certifications (CEH, CSSLP, CREST, CISSP, etc.);
  • Experience with VAPT and familiarity with common security vulnerabilities, the lexicon of findings (CVSS, CVE), ability to assess severity, etc.;
  • Knowledge of Security Development methodology based on Microsoft SDL (Risk and Privacy Assessment, Threat Modeling, Security Code Review);
  • Understanding of the nature of security threats and their classification (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DDoS, etc.);
  • Understanding of main security principles, such as multi-layered protection (Defense in Depth);
  • Understanding of main areas of protection (Security, Privacy, Availability) and levels of defense (networking, infrastructure, OS, Application);
  • Understanding of mitigation mechanisms for every type of threat (e.g. validation, sanitizing, crypto-operations, etc.);
  • Good knowledge of Security Features and Mechanisms provided by development platform/technologies/OS (e.g. .NET Framework, databases, etc.).

We offer

  • Outstanding career development opportunities;
  • Experience exchange with colleagues all around the world;
  • Competitive compensation depending on experience and skills;
  • Regular assessments and salary reviews;
  • Social package - medical care, sports, family care;
  • Free English classes;
  • Opportunities for self-realization;
  • Friendly team and enjoyable working environment;
  • Flexible working schedule;
  • Corporate and social events.