Back to search
Luxoft Serbia Linkedin · Posted 5d ago

Senior Application Security Analyst

Belgrade

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Project description

We are a team of Application Security enthusiasts who have been helping create secure applications for a huge telecom provider in Europe for over 15 years.

We know how to break apps and how to make them unbreakable.


Responsibilities


  • Development of security requirements at early stages of the product life cycle.
  • Preparation of test scenarios for an audit that are based on business requirements, technical documentation for a project and a list of affected systems.
  • Identification of defects and vulnerabilities in new and existing software products using the following methods:
  • Static code analysis (mainly Java and J2EE applications, iOS and Android mobile apps) using HPE-MicroFocus Fortify SCA;
  • Dynamic code analysis and scanning for vulnerabilities using Burp Suite and OWASP ZAP;
  • Manual penetration tests on software products deployed on a test environment.
  • Development of recommendations for software developers for addressing the security flaws identified.
  • Optimization and automation of the audit process.
  • Configuration (creation of new rules) of SAST and DAST tools.


Skills


Must have


  • Understanding of architecture and working principles of modern web applications.
  • Higher education in IT or math
  • Strong knowledge of basic concepts of information security.
  • Strong knowledge of defect types (CWE/SANS Top 25 Most Dangerous Software Errors), vulnerabilities and information security risks in web and mobile applications (OWASP Top 10), as well as ways of detecting and mitigating them.
  • More than 2 years of working experience as Application Security Engineer or on a similar position (Penetration testing, etc.).
  • Strong knowledge of programming languages (Java) and scripting languages (Python, powershell, bash).


Nice to have


  • Relevant information security certifications: OSCP, CEH, OSWE.
  • Knowledge of/experience with international information security standards and personal data protection standards: ISO 27XXX, PCI DSS, GDPR, etc.
  • Knowledge of/experience with information security standards and frameworks: SAML, OAuth, WS-Security, X.509, SAML, JAAS, SSL/TLS, OpenSSO, OpenIAM, etc.
  • Experience in CTF or bug bounty programs.
  • Experience in web or mobile apps development.


Languages

English: B2 Upper Intermediate

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent