This is a remote position.
DISCLAIMER: This job posting is intended for active pooling of candidates who will become part of our talent pool. Your qualifications will be assessed against both current and future job openings. Should your application align with a role that corresponds to your skills and experience, and an opportunity arises, our recruitment team will reach out to you immediately. Please note that this does not guarantee immediate placement or contact. Additionally, we exclusively consider applications from individuals who are currently reside in the US/Canada during their application process.
Salary: $65,000 - $75,000 per annum
Experience Required: Minimum 1 year of project experience
Tasks
- Tasks within the SDLC process: analysis of analyzer results, rule refinement, evaluation of their effectiveness;
- Source code analysis of applications in Java;
- Conducting internal penetration tests;
- Diving into the workings of containerized applications, understanding their implementations;
- Preparing recommendations for identified vulnerabilities, taking into account the specifics of the technological stack and implementations.
Requirements
- Experience with DAST (AFL, Fuzzing, Burp), including creating custom “farms”;
- Experience in conducting pen tests for virtualized infrastructure;
- Experience in analyzing mobile applications;
- Programming skills in Java;
- Experience with k8s, Docker;
- Experience with traffic analyzers (Wireshark, etc.);
- Experience in automating routine security processes;
- Understanding of modern software development processes and practices: Agile, SDLC, DevOps, CI/CD;
- Competent written and verbal communication skills (English B1, Russian B2+).
- Successful participation in Bug Bounty programs;
- CTF experience;
- Familiarity with OWASP Testing Guide, OWASP Code Review Guide, OWASP Secure Coding Practices;
- Experience working with and supporting HashiCorp Vault;
- Experience with network vulnerability scanners (Nessus, XSpider, MaxPatrol, etc.).