Application Security Officer

от 200 000 до 420 000 руб. до вычета НДФЛ

Вакансия в архиве

Работодатель, вероятно, уже нашел нужного кандидата и больше не принимает отклики на эту вакансию

Показать описание вакансии

Требуемый опыт работы: более 6 лет

Полная занятость, полный день

THE ROLE

We are looking for a person who will be responsible for increasing Security Awareness of Insolar Blockchain Platform and making our products more robust and secure. This challenging goal includes lots of activities: advocating a consistent approach to Security through the whole SDLC for both Customer and Development Team, tracking and helping all Security-related activities, diving deep into project details, creation of security-related artifacts, contributing to Security Testing, etc. We expect that you are strong at software and application security, experienced in reviewing the design and source code and penetration testing and have good command in developing and improving the security process and new security functionality

RESPONSIBILITIES

  • Establish the Secure Design (Threat Model) for development projects
  • Review the Application Security Source Code for all products and platforms
  • Act as our liaison in all 3rd-party Application Security Penetration Testing
  • Lead in preparation of vulnerability response process, impact assessments and remediation plans
  • Actively propose the design and code changes to meet product security objectives and remedy security findings
  • Perform Security Audits for projects: both Architecture and Implementation/Code Review
  • Analyze and identify security vulnerabilities in existing and new functionality in the Platform and applications, including execution and storage layers and data exchange procedures
  • Implement SDLC process
  • Build/deploy/maintain security controls, instrumentation and infrastructure for detecting weak points

IDEAL CANDIATE

  • Understanding of Threat Models
  • Practical knowledge of pentest and vulnerability scanning toolset
  • Practical understanding of all common types of attacks
  • Ability to use the tools to perform actual attacks is a plus
  • Practical knowledge of at least one Security Development methodologies
  • Knowledge of main Security-related activities in development such as Risk and Privacy Assessment, Threat Modeling, Security Code Review
  • Understanding of main security principles, such as multi-layered protection (Defense in Depth)
  • Understanding of main areas of protection (Security, Privacy, Availability) and levels of defense (networking, infrastructure, OS, Application)
  • Understanding of mitigation mechanisms for every type of threats (e.g. validation, sanitizing, crypto-operations, etc)
  • Understanding of basic principles of infrastructure security and penetration testing
  • Experience with Docker security and threat modeling systems (STRIDE, Attack Trees, etc)
  • Understanding of main cryptographic concepts and techniques: secret and public-key cryptography, trust models, widely used algorithms and protocols (DES, AES, RSA, TLS, elliptic curve cryptography and others). Familiarity with key management infrastructure.

ABOUT INSOLAR

Insolar combines pragmatic, real-world business experience with some of the best technology talent in the distributed ledger space. We have 70 people in Europe and North America, including 50-strong R&D team.

We are passionate about transforming the world with advanced technologies. We believe our solutions will make the world more efficient, transparent and connected.

OUR PRINCIPLES

Many companies have value statements, but often these written values or principles are vague and ignored. The real principles of a firm are shown by who gets rewarded or let go. Below are our real principles, the specific behaviors and skills we care about most.

Customer Obsession

  • We start with the customer and work backwards
  • We work vigorously to earn and keep customer trust
  • We pay attention to competitors, but are obsessed over customers

Deliver Results

  • We focus on key inputs for business and deliver them with the right quality and in a timely fashion
  • Despite setbacks, we rise to the occasion and never settle

Highest Standards

  • We relentlessly maintain high standards even if many people may think these standards are unreasonably high
  • We continually raise the bar and drive our team to deliver high quality products, services and processes
  • We ask question about actions inconsistent with our principles
  • We are critical of the status quo
  • We ensure that defects do not get sent down the line and that problems are fixed so they stay fixed

Radical Transparency

We say what we think to our colleagues when it is in the best interest of the company, even if it is uncomfortable to do so

Ownership

  • We act on behalf of the entire company and seek what is best for the company
  • We think long term and don’t sacrifice long-term value for short-term results
  • We never say “that’s not my job” and always help colleagues

Think Big

  • We create and communicate a bold direction that inspires results
  • We think differently and from a new perspective

Invent

  • We expect and require innovation and invention from our team and ourselves
  • Learn and Be Curious
  • We are externally aware and look for new ideas everywhere
  • We never finish learning and always seek to improve ourselves

Hire and Develop the Best

  • We raise the performance bar with every hire and promotion
  • We recognize exceptional talent, and willingly move those talented people throughout the organization
  • We take seriously our role in coaching others

Lean

We accomplish more with less because constraints breed resourcefulness, self-sufficiency and invention

One Team

  • We help each other to succeed
  • We nurture and embrace differing perspectives to make better decisions

Адрес

Павелецкая, Павелецкая, Москва, Павелецкая площадь, 2с1
Показать на карте
­

Вакансия опубликована 18 июля 2019 в Москве

Написать сопроводительное письмоПисьмо отправлено

Сопроводительное письмо к отклику