Description

Our team is looking for a Web Application Security Specialist.

You will be responsible for testing the company's web applications and testing the security of a mobile application.

Responsibilities

• Conducting regular penetration testing of the company's web applications;
• Security testing of the mobile application (API, interaction with the backend);
• Searching for and exploiting application logic vulnerabilities;
• Performing manual and semi-automatic vulnerability analysis;
• Preparing reports on the results of completed checks: description, PoC, risk level, remediation recommendations;
• Working with reports from penetration testing and Bug Bounty programs;
• Interacting with developers and DevOps during vulnerability analysis and remediation, setting tasks for vulnerability fixes;
• Testing the effectiveness of security measures (WAF, rate-limiting, auth mechanisms);
• Participating in threat modeling for new and modified features, participating in product acceptance testing.

Requirements

• Experience in vulnerability hunting as a web penetration tester, bug bounty hunter, or Red Team member;
• Practical hands-on experience in manual web application testing;
• Knowledge of OWASP Top 10 and common classes of web vulnerabilities;
• Understanding of web application principles, HTTP(S), WSS;
• Experience testing authentication and authorization: sessions, cookies, JWT, OAuth2 / OpenID Connect (at the level of attacks and common misconfigurations);
• Skills in working with pentesting tools: Burp Suite, OWASP ZAP, Nuclei, Dirsearch, ffuf, wfuzz, Feroxbuster, kiterunner, Altdns, Amass, nsec3map, Subfinder;
• Experience using and modifying PoCs, exploits, writing helper scripts (Python, Bash, etc.);
• Solid knowledge of Linux;
• Understanding of network technologies: OSI model, routing, protocols;
• Knowledge of WAF principles and limitations;
• Proficiency in using AI for analysis, generation, and automation.

Conditions

• Hybrid work format (modern office in Moscow on Prospekt Mira);
• Favorable mortgage loan conditions;
• Free SberPrime+ subscription, discounts on partner company products: Okko, Sber Market, Delivery Club, Samokat, Citimobil, Sber Eapteka, and others;
• Health insurance from day one and preferential insurance for family members;
• Corporate pension program;
• Children's recreation and gifts provided by the company;
• Company-sponsored training: online courses in Sber's Virtual School and unlimited access to the library, training at the Corporate University, workshops, meetups, and the opportunity to obtain a new qualification;
• Discounts on vacations at the world's best resort complex "Mriya Resort & SPA" in Yalta.