As a Lead Security Test Engineer, you will live on the front lines of the products we create, and build features used by millions of people every day.
Our client is one of the biggest business information providers in the US and part of a multinational mass media corporation. Our client has a wide range of services and provides different content to clients all over the world.
You will become a part of the team that is working on security engineering and application security for our client’s products and services. Our client recently bought a few IT companies and platforms that aggregate, analyze, and provide specific data. The client needs to incorporate them into its IT landscape smoothly and understands that there are going to be some serious security checks because the client’s reputation on the market has to be solid.
We are looking for a strong security professional to lead the security team and build a security program. You need to be skilled in both application and infrastructure testing. For application testing, you must be familiar with most security tools (Checkmarx, Burp, OWASP, etc.) and manual security testing methods (penetration testing, etc.), and be an expert in both SAST and DAST approaches. For infrastructure testing, you must be familiar with both local and cloud security testing methodologies and have experience in automating security testing and building an S-SDLC.
Project technologies and tools
- Burp Suite Professional, Checkmarx, Qualys, NSP, Retire.js, w3af, nikto2, nmap, Jenkins, Jira, Gatling, Docker, Docker Compose, Selenium, PyCharm, IntelliJ IDEA, Mocha, Dropbox, Slack, Chrome DevTools, InfluxDB, Grafana, Draw.io
Responsibilities
- Leading the security automation team
- Creating a security automation solution for SAST and DAST
- Creating a Docker container for DAST that includes burp-rest-api
- Extending the performance test framework to run security scanners
- Implementing logic to get all requests and tokens from the application for the DAST test using the existing performance test
- Creating a service to run, start, pause, and get reports from the DAST container using a REST API
- Implementing the DAST test run in Jenkins CI
Requirements
- 4+ years of experience in the IT security sphere
- 1+ year of leadership experience
- Familiarity with Checkmarx, Burp, OWASP, etc.
- Familiarity with penetration testing, etc.
- Strong knowledge of SAST and DAST approaches
- Familiarity with local and cloud security testing methodologies
- Experience in automating security testing and building an S-SDLC
- Readiness for business trips
- Upper-intermediate English level
We offer
- Competitive compensation depending on experience and skills
- Individual career path in engineering
- Social package: medical insurance, sports
- Paid sick leave and regular vacations
- English classes with certified English teachers
- Flexible work hours