Popis pozice
Do you have a passion for securing cloud-native environments? The ideal candidate has the skills of an application security engineer, with a background in development or engineering as well as a deep understanding of application security vulnerabilities and mitigations. However, this is a role focused on building, rather than breaking -- instead of penetration testing and security review, this role focuses on researching current security threats and mitigations, and finding ways to apply those to our service portfolio and Secure Development Lifecycle.
What you will do
- ▪Partnering with engineering teams to design, build, select and implement effective technical security controls to detect and alert on security events across the CloudTalk infrastructure and protect the CloudTalk platform and customers.
- ▪Develop features and improvements to the security aspect of our product.
- ▪Participate in and support application security reviews and threat modelling, including code review and dynamic testing.
- ▪Develop, document, and manage the security standards and design patterns used by all engineers to deliver consistent, secure features and code.
- ▪Support and consult with engineering teams in the area of application security.
- ▪Assist in the development of automated security testing to validate that secure coding best practices are being used.
- ▪Analyze the security of our product and suggest improvements.
- ▪Design, develop and maintain security measures at the highest level of security standards.
- ▪Providing security subject matter expertise and training to teams across the company.
What we are looking for
- ▪2+ years of experience as a Product Security Engineer or Application Security Engineer or Architect.
- ▪Familiarity with common security libraries, security controls, and common security flaws.
- ▪Basic development or scripting experience and skills. Node.js or GOlang is preferred.
- ▪Experience with OWASP, static/dynamic analysis, and common security tools.
- ▪A basic understanding of network and web-related protocols (such as TCP/IP, UDP, protocols).
- ▪Experience identifying security issues through code review.
- ▪Excellent interpersonal, problem-solving, and management skills.
- ▪Strong written and verbal communication skills.