IT Cluster Vacancies

Application Security Engineer

A platform for attracting new customers and supporting existing ones who use our client's innovative development, the Reduced-Risk Product.

The company:
You work for a large, global, multinational corporation. The company's offices around the world are connected by a worldwide private network. The company maintains a central data center in Europe and individual local data centers in the countries where it operates. It works with large global vendors, including one to manage telecommunications (called SBO), one to maintain the servers (called PRO), and a cloud solution provider (called CSP) with its software-as-a-service products for the business environment, incl. email service, office applications, personal productivity and collaboration tools etc. The Company’s current strategy is to replace the legacy collaboration tools with modern cloud-based digital solutions that allow secure collaboration anywhere and on any device.

  • Understand and implement the secure SDLC process, including Policy and Compliance, Threat Assessment, Education and Guidance, Security Requirements, and Secure Architecture, in projects under development;
  • Has solid knowledge of the OWASP Top 10;
  • Has experience with OWASP ASVS implementation and verification;
  • Has experience with the OWASP Software Assurance Maturity Model (OSAMM);
  • Has solid knowledge of cloud security and can configure and assess security settings in SaaS/PaaS solutions.

  • Make decisions regarding security in the development process of a specific project/team;
  • Estimate overall business risk profile;
  • Classify data and applications based on business risk. Establish a simple classification system to represent risk-tiers for applications. In its simplest form, this can be a High/Medium/Low categorization;
  • Build and maintain compliance guidelines. Create policies and standards for security and compliance;
  • Conduct technical and role-specific application security awareness training;
  • Build and maintain technical guidelines;
  • Build and maintain application-specific threat models (OWASP Threat Dragon/MS Threat Modeling Tool) and as a result explicitly apply security principles to design;
  • Explicitly evaluate risk from third-party components;
  • Derive security requirements from business functionality.