Company hidden
3 days ago

Application Security Engineer (Cybersecurity)

Work format
hybrid
Employment type
fulltime
Grade
middle
English
b2
Country
Kazakhstan
Vacancy from the Hirify.Global list (Hirify RU Global, a list of companies with Eastern European roots)

Job description

TL;DR

Application Security Engineer (Cybersecurity): Conducting security audits and vulnerability management for web applications, with an emphasis on processing automated scan results (SCA, SAST, DAST, secret scan) and working with development teams. Focus on reproducing BugBounty vulnerabilities and conducting security awareness activities.

Location: Hybrid role based in Kazakhstan. Candidates must confirm they do not reside in or perform work from Russia, Belarus, Cuba, Iran, North Korea, Syria, Crimea region, So-Called Donetsk People’s Republic, Luhansk People’s Republic, Zaporizhzhia, and Kherson regions.

Company

hirify.global is a global mobility and urban services platform providing ride-hailing and other services.

What you will do

  • Conduct web application audits.
  • Process results of automatic scans of source code (secrets, vulnerable dependencies, SAST, DAST).
  • Interact with development teams to fix vulnerabilities.
  • Conduct security awareness activities.
  • Reproduce vulnerabilities obtained from the BugBounty platform and create regression tests.

Requirements

  • Higher education in IT, ideally information security.
  • Knowledge of at least one high-level programming language (ideally Golang).
  • At least 1 year of experience in IT.
  • Basic skills in working with operating systems and databases.
  • Basic understanding of OWASP Top 10 vulnerabilities.
  • Ability to learn quickly.
  • Hybrid work in Kazakhstan is required.
  • Must not reside in or perform work from Russia, Belarus, Cuba, Iran, North Korea, Syria, Crimea region, So-Called Donetsk People’s Republic, Luhansk People’s Republic, Zaporizhzhia, and Kherson regions.

Culture & Benefits

  • Consulting development teams on security issues.
  • Support of the Bug Bounty program.
  • Conducting awareness events: Secure development course, phishing simulations, Capture The Flag competitions.
