#AppSec #vacancy
❕An accredited IT company is looking for an AppSec Engineer❕
Company: Systems and Algorithms
Salary: 350,000 RUB (gross)
Employment Type: Remote
Location: Russian Federation
Position: Senior
Accredited IT company "Systems and Algorithms" invites an AppSec Engineer to strengthen the security team. We are looking for a specialist who is ready to dedicate most of their time to practical application audits, manual vulnerability discovery, code review, and internal pentests. The main focus is application security at all stages of SDLC, integration of security tools, and interaction with development teams.
⭐️ What we expect from you:
Application Security:
• Knowledge of OWASP Top 10;
• Understanding of Secure SDLC and Secure by Design principles;
• Knowledge of common vulnerability types and methods of exploitation.

Practical Skills:
• Conducting application security audits;
• Manual source code analysis for vulnerabilities (code review);
• Conducting internal web application pentests;
• Dynamic application analysis (DAST, manual testing);
• Working with Burp Suite and similar tools;
• Triage of scan results (SAST/DAST/SCA/Secret Scanning);
• Developing recommendations for vulnerability remediation and supporting them until closure.

Architecture and Processes:
• Conducting architectural reviews and threat model analysis;
• Understanding of software development processes;
• Interaction with development teams;
• Preparing security requirements and security notes;
• Understanding the integration of security tools into SDLC and CI/CD.

Will be a plus:
• Experience as a Security Champion / Security BP;
• Experience in building Application Security processes;
• Experience in managing exceptions (False Positive Management);
• Experience in centralizing and correlating results from multiple SAST/DAST tools;
• Possession of relevant AppSec certifications.
⭐️ What needs to be done:
• Conduct application security audits (web, API, mobile) with an emphasis on manual vulnerability discovery;
• Perform code reviews for vulnerabilities and develop remediation recommendations;
• Conduct internal pentests of web applications and APIs;
• Perform dynamic application analysis (DAST, manual testing);
• Perform triage of SAST/DAST/SCA and other security tool results;
• Track identified vulnerabilities to full remediation;
• Interact with development teams, assist in implementing secure practices;
• Participate in architectural reviews and the formation of security requirements;
• Integrate security tools into CI/CD and SDLC processes.
📲 Contact information: @Serg06SA @sdobrynin06 +7 969 865 42 25
350,000 RUB per month
Employment: Full-time
Work Format: Remote
Grade: Senior
Specialization: Cybersecurity
Industry: IT & Tech
Company Type: Product company