Security Analyst

Terrasoft is a leading low-code, process automation, and CRM company. It has been highly recognized as a market leader by key industry analysts. We create a world where any business idea can be automated in minutes.

Our main product is Creatio system, a platform based on a distributed architecture that uses the SPA solution approach. Our R&D department works regarding the principle of Continuous Integration. We also use the following practices: TDD, Code Review, Pair Programming and Scrum.

This year we are scaling our R&D team, so we invite an experienced Security Analyst to join our team.

We expect our successful candidate to:

• assist in the preparation of tender documents
• communicate with customers about the security of the company's product line
• communicate with external parties (auditors, independent experts) on security issues of the company's product line
• task development teams to eliminate vulnerabilities and improve the security functionality of the company's product line; control their execution
• systematize and update the knowledge base with clients' typical questions on information security
• assess products, partners and suppliers compliance with information security requirements 
• review company's information security policies and procedures 
• update information security policies and processes in accordance with the requirements of ISO 27001, GDPR, HIPAA, etc.
• monitor the implementation of information security processes and prepare the necessary records and evidence on the implementation of information security processes

Desired skills and qualifications

• 2 years of practical experience in the field of information security
• Higher education in computer science or 5+ years of practical experience with higher education in other areas
• Practical experience in communication with customers, partners, suppliers, and vendors on information security issues in products and services
• Knowledge and understanding of the basic means of information security (for example, Anti-Virus, Firewall, IPS / IDS, DLP, VPN, TLS, etc.)
• OWASP Top 10 knowledge and expertise in implementation and vulnerability management mechanisms
• Knowledge and understanding of information security standards -  ISO 27001, GDPR, NIST, PCI DSS
• Fluent English

We will consider it to be an advantage

• Experience with security research tools for web applications and source codes (Qualys Web Application Security, Acunetix, SonarQube, Black Duck, Checkmarx, Fortify, OWASP ZAP, Burp, etc.)
• Experience in researching web application vulnerabilities
• Participation in projects aimed to prepare the company's services, products and processes for compliance with international and industry safety standards - ISO 27001, SOC2, PCI DSS

What we offer:

• competitive salary
• flexible working hours
• corporate English courses
• medical insurance
• gym, food court, football and basketball teams, table tennis
• comfortable office near metro station Demeevskaya with the bicycle and car parking