Posted 1 day ago

Application Security Engineer

Work format: remote (Global)/hybrid
Employment type: full-time
Grade: middle/senior
English: B2
Country: CR
Vacancy from a Telegram channel -


Job description

Application Security Engineer.

Location:
#Prague or #Remote.
Salary: Competitive.
Employer: Confirmo Ltd.

Responsibilities:
Secure Development & Code Security (primary focus):
• Embed in the development process: join planning sessions, lead threat modeling, and review security-critical PRs as a collaborative partner, not a gatekeeper.
• Continuously assess the codebase, prioritizing high-risk areas: authentication, authorization, cryptography, API security, and sensitive data handling.
• Own SDLC security tooling: introduce and maintain SAST, dependency scanning, secret detection, and other automated checks across CI/CD pipelines.
• Secure the build and deployment pipeline: enforce code signing, access controls, and supply chain integrity to keep unauthorized or compromised code out of production.
• Manage vulnerabilities end to end: from triage through coordinated remediation and verification.
• Build a security-conscious engineering culture: through code reviews, knowledge sharing, and making security a natural part of how the team ships.
Infrastructure & General Security (secondary focus):
• Partner with our CISO on gap analysis between security standards and cloud infrastructure practices, and drive improvements.
• Support Blue Team operations - contribute to log management, detection rules, and alert investigation via SIEM and observability platforms.
• Maintain edge and network security configurations, including Cloudflare WAF, rate limiting, and access rules.
• Contribute to security policies and compliance efforts across employee devices and frameworks such as ISO 27001, SOC 2, and DORA.

Requirements:
• Software development experience: At least 3 years of professional experience as a software developer. You have written production code, understand how real-world applications are architected and shipped, and can read and review code with confidence. We primarily use Java, but strong proficiency in another language (TypeScript, C#, Go, etc.) is perfectly fine.
• Application security expertise: Deep understanding of the OWASP Top 10 and secure coding principles. You can spot vulnerabilities in code - not just in theory, but in practice during code reviews and architecture discussions.
• Threat modeling: Ability to look at a feature design or system architecture and systematically identify what could go wrong, and propose practical mitigations before implementation begins.
• Secure SDLC understanding: You know how to integrate security into every phase of the development lifecycle, from design reviews through automated checks in CI/CD pipelines to production monitoring.
• Cloud security fundamentals: Understanding of public cloud security (preferably AWS), IAM, network segmentation, secrets management, and secure service configuration.



#Remote #AppSec

Be careful: if an employer asks you to sign in to their system using iCloud/Google, to send a code/password, or to run code/software, do not do it - these are scammers. Be sure to click "Report" or write to support. More details in the guide →

The vacancy text is reproduced without changes

Source -