This vacancy is already closed
Project Overview:
EveryMatrix delivers a modular and API driven product suite including a market leading one-stop shop casino content aggregator and integration platform, a cross-product bonusing engine, a fully managed sportsbook and sport data services, a stand-alone payment processing platform, and a multi-brand affiliate/agent management system.
You will be involved in a wide range of projects to create our security program, yet have a specific focus on application security, for both on-premise and SaaS services. You will act as the Subject Matter Expert and work closely with the various teams on security engineering topics.
Responsibilities:
- Security assessment of the Company software products;
- Identifying security flaws within running web-applications and services as part of infrastructure penetration testing and application security reviews;
- Conducting and managing regular vulnerability assessments in accordance with compliance requirements (PCI DSS, ISO/IEC 27001, etc.);
- Working with the infrastructure and development teams to help identify and mitigate vulnerabilities;
- Control over the execution of application security analysis through the entire Software Development Life Cycle;
- Working directly with product teams to enforce security best practices and integrate automated security;
- Being part of a Security Incident Response team;
- Knowledge sharing and security training for internal QA and Development teams.
Requirements:
- 3+ years of experience as a Security Analyst, Pentester, or similar role;
- A passion for security, and the hacker mentality of doing whatever it takes to figure out and solve a problem;
- Knowledge of a broad range of attack vectors and exploits (API, OS, database, network, and code);
- Strong understanding of the OWASP Top Ten security risks and how to mitigate them;
- Ability to manually find and exploit vulnerabilities in web-applications and services;
- Experience with HTML, XML, JavaScript, CSS, SQL, and JSON;
- Experience with common vulnerability scanning and reporting tools (Nessus, Burp Suite, ZAP);
- Good understanding of application security verification approaches (SAST, IAST, DAST);
- Understanding of cloud environments (GPC, OpenStack);
- Familiarity with agile development, bug tracking, Git and CI/CD;
- Up-to-date knowledge of the latest security vulnerabilities (e.g. reported CVEs) against systems, web application frameworks, and libraries, including an understanding of their impact and exploitation techniques.
Nice to have:
- Broad experience across several different technology domains (compute, storage, network, database, data center, cloud, desktop, mobile devices, identity & access management, etc.);
- Experience with code-level security auditing, automated static and dynamic code analysis tools;
- Offensive security certifications (OSCP, OSWE, OSCE, CEH, etc.);
- Having experience as a software developer;
- Understanding of compliance frameworks (e.g. GDPR, NIST 800 series, ISO/IEC 27001, PCI DSS);
- Understanding of cloud deployment architecture, cloud security, automation, orchestration, Docker and Kubernetes.
Higher Education: Bachelor's Degree.
Oksana Chyvurina
One of the largest Ukrainian IT companies, bringing together more than 3,200 specialists
more than 500 employees
on the market since 2002
- Foreign language courses
- Medical insurance
- Corporate doctor/Medical office
- Gym compensation
- Flexible schedule