Application Security Engineer / Cybersecurity Architect.
Локация: Астана (Удаленная работа).
Опыт: от 3 до 6-х лет.
Зарплата: ₽. Обсуждается на собеседовании.
Компания: KIVORK.
Обязанности:
• Ensuring the security of sensitive data;
• Identify and recommend changes to the security controls, assessing potential risks to data and products, and provide recommendations on mitigation of these risks to acceptable levels;
• Application security, code review, architecture reviews, experience with DevSecOps tools, integrate DevSecOps methodology for the organisation products;
• Perform cloud environment security assessments and hardening;
• Developing practices and templates for security risk assessment and threat modelling;
• Ensure operations are in compliance with security standards CIS, NIST, SOC2, OWASP;
• Analysis of the use of third-party and open source software, libraries, and components;
• Conducting cybersecurity training for employees;
• Advising teams on various security-related issues;
• Suggest tools and techniques to achieve security goals.
Требования:
• Experience in implementing DevSecOps / Secure SDLC;
• Deep knowledge in GDPR, PCI DSS, OWASP SAMM, BSIMM, ISO27001, SOC2;
• Knowledge of AWS cloud platform security and automated testing tools;
• Experience with SAST/DAST, SCA, Elasticsearch, WAF, NGFW, EDR, DLP tools;
• Knowledge of risk assessment tools, technologies and methods;
• Experience in designing secure networks, systems and application architectures;
• Knowledge of disaster recovery and business impact analysis;
• Familiarity with planning, researching and developing security policies and procedures;
• Experience in system administration, supporting multiple platforms and applications;
• Strong personal ethic, discretion, and good interpersonal skills.
👨🏻💻 Откликнуться.
#AppSec #Удаленка
Локация: Астана (Удаленная работа).
Опыт: от 3 до 6-х лет.
Зарплата: ₽. Обсуждается на собеседовании.
Компания: KIVORK.
Обязанности:
• Ensuring the security of sensitive data;
• Identify and recommend changes to the security controls, assessing potential risks to data and products, and provide recommendations on mitigation of these risks to acceptable levels;
• Application security, code review, architecture reviews, experience with DevSecOps tools, integrate DevSecOps methodology for the organisation products;
• Perform cloud environment security assessments and hardening;
• Developing practices and templates for security risk assessment and threat modelling;
• Ensure operations are in compliance with security standards CIS, NIST, SOC2, OWASP;
• Analysis of the use of third-party and open source software, libraries, and components;
• Conducting cybersecurity training for employees;
• Advising teams on various security-related issues;
• Suggest tools and techniques to achieve security goals.
Требования:
• Experience in implementing DevSecOps / Secure SDLC;
• Deep knowledge in GDPR, PCI DSS, OWASP SAMM, BSIMM, ISO27001, SOC2;
• Knowledge of AWS cloud platform security and automated testing tools;
• Experience with SAST/DAST, SCA, Elasticsearch, WAF, NGFW, EDR, DLP tools;
• Knowledge of risk assessment tools, technologies and methods;
• Experience in designing secure networks, systems and application architectures;
• Knowledge of disaster recovery and business impact analysis;
• Familiarity with planning, researching and developing security policies and procedures;
• Experience in system administration, supporting multiple platforms and applications;
• Strong personal ethic, discretion, and good interpersonal skills.
👨🏻💻 Откликнуться.
#AppSec #Удаленка