Project Overview:

Application Security engineers are working with product teams to help deliver secure products. As shift-left evangelists, we want to focus on pre-code activities in product planning and development. This includes reviewing early-stage designs, developing threat models, preparing security requirements, and scaling impact by curating security patterns, guidance, and training. 

This is a proactive role, and we are looking for passionate people who will help us build end-to-end security in close collaboration with DevSecOps, Architecture, and Engineering chapters and product teams.  

Recruiter: Ольга Гук

Responsibilities:
  • Serve as the primary security engineer for software products and act as the point of contact for engineering and security;
  • Prepare security requirements based on company policies and best industry security standards;
  • Design, build and review security-related services and functions of web applications and mobile services;
  • Implement best security practices in Cloud Platforms (Azure);
  • Validate vulnerabilities from SCA, SAST, IAST/DAST, and image scanning solutions, and coordinate remediation; 
  • Conduct product security threat and risk assessments for software products regularly (OWASP Threat Dragon or similar tool); 
  • Classify data and applications based on business risk, and establish a simple classification system to represent risk tiers for applications;
  • Collaborate with product & development managers to assess and prioritize security-related tasks in the development backlog;
  • Improve and adopt security best practices in testing, automation, and continuous integration pipelines.
Requirements:
  • 3+ years of related technical experience in Product Security Architecture or Engineering;  
  • 1+ years of experience in Cloud Platforms (Azure/AWS/GCP);
  • 3+ years of demonstrated experience in the Secure SDLC approach, with the ability to describe its goals, steps, and processes and to lead the implementation of security controls in the development team;
  • Experience in conducting threat assessments, building threat models, and creating remediation plans/requirements based on the results of threat assessments;
  • Solid knowledge of OWASP Top 10 and understanding of OWASP testing guide;
  • Demonstrated experience in verifying results from SCA, SAST, IAST/DAST, and image scanning solutions;
  • Experience in risk management and an understanding of its purpose and approaches;
  • Hands-on experience in scripting/coding in Python and Bash;
  • Ability to develop and conduct security training and workshops (e.g., General security training, threat modeling);
  • Proficiency in communicating over a text-based medium (MS Teams, Jira/Confluence, Email) and ability to concisely document technical details; 
  • Excellent interpersonal and verbal communication skills.  
Higher Education:
  • Specialist / Professional Certified.
