Application Security Engineer

  • Full time
  • Prague
  • Posted 1 week ago

lifecell

PCI DSS (regular)
SIEM (regular)
DLP (regular)
OWASP (advanced)
About position: Conducting penetration tests, conducting web sites audit and PCI DSS segment audit, web and mobile based incident handling, creating internal documents for information security.
 
Responsibilities:
  • Conducting audit of web and mobile application according to OWASP security requirements and information security standards.
  • Conducting penetration tests according to PCI DSS standard.
  • Analysis of architectural solution on compliance with information security standards when implementing company systems.
  • Making presentations on information security domains for internal users.
  • Participation in the investigation of incidents of information security.
  • Processing internal user requests for application penetration testing.
  • Participation in the projects of web and mobile development for the assessment of the level of information security. 
  • Carrying out of separate assignments of his direct supervisor on other matters of activity on a post.
 
Requirements:
Education: Telecommunication
Experience: 3-5 years 
Language skills: Ukrainian – upper intermediate; English verbal/writing – upper intermediate; technical reading/writing – fluent.
PC Skills: Advanced PC user: MS Excel, Power point, Outlook, Project (preferred), Word, Jira.
 
Special Requirements:
  •  Perform authorised and blackbox security tests on computer systems in order to expose weaknesses in their security that could be exploited by criminals (CTF experience is welcome)
  • OWASP TOP 10 and PCI DSS compliance testing for Windows, Linux and Mac operating systems, web-based interfaces checks, mobile application testing
  • Tools: vulnerability scanners (Nessus), Kali Linux tools, Netsparker, Burpsuite, Sonarqube
  • Embedded computer systems
  • Web/mobile applications, databases security tests
  • *nix, windows security hardening and hack technics understanding, SCADA (supervisory control and data acquisition) control systems, wireless and mobile (3-5G) technologies security knowledge, Internet of Things (IoTs) security
  • Programming languages: any system level (Python, perl, bash or other) and object-oriented programming skills
  • Ability to read code and write automated security checks for API (json, restful, SOAP)
  • Network and organizational security basics understanding
  • Experience of software development and server administration
  • Understanding of basic attack vectors on software applications
  • Experience with discovering of information threads and viruses detection
  • A certificate will be a plus: Offensive Security Certified Professional (OSCP); Certified Ethical Hacker (CEH) Certification
  • Knowledge and ability to support Company Safety Infrastructure (SIEM, DLP, TRAPS, etc.)

To apply for this job please visit cz.talent.com.