Security Consultant

DataArt is engaged in IT consulting and software development. Since 1997, we have been designing, developing, modernizing, and supporting solutions that help the businesses of our clients grow. DataArt started out as a company of friends and has a special culture that distinguishes it from other IT outsourcers, such as:

• Flat structure. There are no "bosses" and "subordinates".
• We hire people not to a project, but to the company. If the project (or your work in it) is over, you go to another project or to a paid "Idle".
• Flexible schedule, ability to change projects, to work from home, to try yourself in different roles.
• Minimal bureaucracy and micromanagement, convenient corporate services. 

Required Skills and Experience

• 3+ years of experience in IT
• At least a year of experience in the field of information security (penetration tester, security analyst, etc.)
• Excellent understanding of existing types of vulnerabilities and security threats
• Experience with the vulnerability scoring system CVSS 3.0
• Basic knowledge of any existing methodology for penetration testing (OWASP, WASC, OSSTMM, etc.)
• Experience with specialized tools for manual and automated penetration testing (BurpSuite, Sqlmap, Nmap, Metasploit, Nessus/OpenVAS, Wireshark, KaliLinux etc.)
• Experience in developing custom auxiliary programs with any programming language
• Basic knowledge of various technologies and architectures (Linux, Windows, Cisco, ActiveDirectory, Java, .NET, etc.)
• Basic knowledge of databases and skills in DBMS (one of the following: MSSQL, Oracle, MySQL, PostgreSQL, etc.)
• Experience in communicating personally with a client
• Ability to prepare accurate reports
• Good communication skills
• Stress resistance, self-organization
• Motivation to work and develop professionally in the field of software security
• Good spoken English

Additional Competencies

• Knowledge of cryptography
• Experience in reverse engineering and source code analysis
• Basic knowledge of security standards (PCI DSS, HIPAA, ISO27000, etc.)
• Experience in conducting a full cycle of product security analysis (communicating with the client, clarifying details, performing security analysis, creating and submitting a final report, and consulting) independently