Description
The cybersecurity team, together with the production teams at SberTech (architects, developers, testers, etc.), creates and develops an innovative product for the Russian and international markets: Platform V.
The Methodology, Certification, and Licensing Department is an integral part of the cybersecurity team. It provides methodological support to the cybersecurity team and production teams on the secure software development requirements set out in the regulators' regulatory acts, and also leads the preparation and support of certification of Information Protection Tools (IPTs) for use in the commercial and public sectors.
Responsibilities
Your tasks:
- participation in the development and implementation of Secure Software Development Practices (SSDP), performing work to assess the compliance of the Company's processes with the requirements of the GOST series on Secure Software Development (GOST R 56939-2024, GOST R 71207-2024, etc.)
- participation in the activities of technical committees (TC-362): analysis of regulatory acts under development in the field of information protection, preparation of comments and proposals (independently or with the involvement of relevant experts), participation in meetings of the TC-362 working group to discuss the requirements of regulatory acts
- participation as an expert in work related to the certification of Information Protection Tools under FSTEC of Russia
- development and updating of Internal Normative Documents, Standards, and Processes to take SSDP requirements into account
- conducting consultations for development teams on the application of requirements in Internal Normative Documents and Standards.
Requirements
We expect you to have:
- education: higher technical (preferably in Information Security)
- knowledge and understanding of SSDP practices (SAST, DAST, OSA, fuzzing, pentest, etc.)
- understanding of the Information Protection Tools (IPT) certification process, SSDP processes, information system attestation
- experience in conducting IPT certification
- knowledge of modern means, methods, and ways of protecting information (including protection for virtualization and containerization technologies)
- confident knowledge of Russian legislation in the field of information protection (Personal Data, State Information Systems, Critical Information Infrastructure, Banking Sector): Federal Laws, Government Resolutions, Normative and Methodological Documents of FSTEC/FSB/Bank of Russia, GOST
- strong written (primarily) and oral communication skills.
Will be a plus:
- experience in developing and implementing SSDP practices
- experience working in a testing laboratory (IL) and a certification body (OS)
- hands-on proficiency with AI tools for analysis, generation, and automation.
Conditions
Working at SberTech means:
- hybrid work format in an office with a view of the embankment, recreation areas, and a gym
- annual bonus and annual salary review
- status of an accredited IT company with all the benefits
- extended voluntary health insurance from day one and preferential insurance for family members
- Sber Corporate University, internal educational platform, participation in IT conferences
- 90 days of remote work from any region
- preferential mortgage from Sberbank, SberPrime+ subscription, discounts from partners and services of the group of companies.