Вакансии в ИБ | infosec
@infosec_work
Senior Application Security Engineer.
Location: Remote (USA).
Salary: $160K – $200K.
Employer: Cyberhaven.
Responsibilities:
• Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software;
• Develop / Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats;
• Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines;
• Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies;
• Vulnerability Management: Supporting role to track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts;
• Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents;
• Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.
Requirements:
• 5+ years of software development experience, ideally with exposure to information security or AppSec;
• Strong grasp of secure coding, threat modeling, and vulnerability management across the SDLC;
• Proficient in Go, Python, or Java, and experienced with CI/CD pipelines and GitHub;
• Hands-on with security tools and frameworks (SAST, DAST, SCA—e.g., Snyk, Semgrep, OWASP ZAP, Burp);
• Understanding of core Information Security capabilities such as: malware, vulnerabilities, exploits, attacks, firewalls, intrusion detection/prevention systems, etc.;
• SME in at least one of the following: Threat and Vulnerability Management, Incident Response, Threat Hunting/Red Teaming, or Penetration Testing;
• Able to interpret and prioritize security data, partnering effectively with developers to remediate issues;
• Strong communicator who can influence and collaborate across engineering and security teams;
• Experience with cloud and container security (GCP, Kubernetes, Docker, Terraform);
• Familiarity with endpoint and vulnerability management tools (e.g., CrowdStrike Falcon, Wiz);
• Relevant certifications (ISC?, ISACA, or GCP) and a degree in Computer Science or related field;
• Background securing AI infrastructure or model deployments;
• Strong analytical, time management, and problem-solving skills in fast-paced environments.
Apply.
#Удаленка #AppSec
Location: Remote (USA).
Salary: $160K – $200K.
Employer: Cyberhaven.
Responsibilities:
• Perform Security Assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software;
• Develop / Implement Security Tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats;
• Collaborate with Development Teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines;
• Threat Modeling and Risk Assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies;
• Vulnerability Management: Supporting role to track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts;
• Incident Response Support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents;
• Stay Current on Security Trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.
Requirements:
• 5+ years of software development experience, ideally with exposure to information security or AppSec;
• Strong grasp of secure coding, threat modeling, and vulnerability management across the SDLC;
• Proficient in Go, Python, or Java, and experienced with CI/CD pipelines and GitHub;
• Hands-on with security tools and frameworks (SAST, DAST, SCA—e.g., Snyk, Semgrep, OWASP ZAP, Burp);
• Understanding of core Information Security capabilities such as: malware, vulnerabilities, exploits, attacks, firewalls, intrusion detection/prevention systems, etc.;
• SME in at least one of the following: Threat and Vulnerability Management, Incident Response, Threat Hunting/Red Teaming, or Penetration Testing;
• Able to interpret and prioritize security data, partnering effectively with developers to remediate issues;
• Strong communicator who can influence and collaborate across engineering and security teams;
• Experience with cloud and container security (GCP, Kubernetes, Docker, Terraform);
• Familiarity with endpoint and vulnerability management tools (e.g., CrowdStrike Falcon, Wiz);
• Relevant certifications (ISC?, ISACA, or GCP) and a degree in Computer Science or related field;
• Background securing AI infrastructure or model deployments;
• Strong analytical, time management, and problem-solving skills in fast-paced environments.
Apply.
#Удаленка #AppSec
? 3
? 3
15 2.6K
Обсуждение 0
Обсуждение не доступно в веб-версии. Чтобы написать комментарий, перейдите в приложение Telegram.
Обсудить в Telegram