Эта вакансия уже завершена
Terrasoft is a leading low-code, process automation, and CRM company. It has been highly recognized as a market leader by key industry analysts. We create a world where any business idea can be automated in minutes.
Our main product is Creatio system, a platform based on a distributed architecture that uses the SPA solution approach. Our R&D department works regarding the principle of Continuous Integration. We also use the following practices: TDD, Code Review, Pair Programming and Scrum.
This year we are scaling our R&D team, so we invite an experienced Security Analyst to join our team.
We expect our successful candidate to:
- assist in the preparation of tender documents
- communicate with customers about the security of the company's product line
- communicate with external parties (auditors, independent experts) on security issues of the company's product line
- task development teams to eliminate vulnerabilities and improve the security functionality of the company's product line; control their execution
- systematize and update the knowledge base with clients' typical questions on information security
- assess products, partners and suppliers compliance with information security requirements
- review company's information security policies and procedures
- update information security policies and processes in accordance with the requirements of ISO 27001, GDPR, HIPAA, etc.
- monitor the implementation of information security processes and prepare the necessary records and evidence on the implementation of information security processes
Desired skills and qualifications
- 2 years of practical experience in the field of information security
- Higher education in computer science or 5+ years of practical experience with higher education in other areas
- Practical experience in communication with customers, partners, suppliers, and vendors on information security issues in products and services
- Knowledge and understanding of the basic means of information security (for example, Anti-Virus, Firewall, IPS / IDS, DLP, VPN, TLS, etc.)
- OWASP Top 10 knowledge and expertise in implementation and vulnerability management mechanisms
- Knowledge and understanding of information security standards - ISO 27001, GDPR, NIST, PCI DSS
- Fluent English
We will consider it to be an advantage
- Experience with security research tools for web applications and source codes (Qualys Web Application Security, Acunetix, SonarQube, Black Duck, Checkmarx, Fortify, OWASP ZAP, Burp, etc.)
- Experience in researching web application vulnerabilities
- Participation in projects aimed to prepare the company's services, products and processes for compliance with international and industry safety standards - ISO 27001, SOC2, PCI DSS
What we offer:
- competitive salary
- flexible working hours
- corporate English courses
- medical insurance
- gym, food court, football and basketball teams, table tennis
- comfortable office near metro station Demeevskaya with the bicycle and car parking
Набока Виктория