Application Security Engineer | Részletek
One Identity Hungary Kft.

Application Security Engineer

One Identity Hungary Kft.

Munkavégzés helye
Budapest
Frissítve
2021. április 21.
Otthoni/távmunka engedélyezett
Megegyezés szerint
Munkaszerződés
Folyamatos
Fizetési sáv
Megegyezés szerint
Munkavégzés típusa
Teljes munkaidő
Elvárt szakmai tapasztalat
IT / telekommunikáció
5+ év
Rendszerüzemeltető

Szükséges tudás és ismeretek

CISSP
Security testing tools
Azure
C#
C++
Python
MSSQL
PowerShell
JavaScript
OWASP Top 10
CWE Top 25

Szükséges nyelvtudás

Angol Tárgyalási

Elvárt végzettség

Felsőfokú
CISSP
Security testing tools
Azure
C#
C++
Python
MSSQL
PowerShell
JavaScript
OWASP Top 10
CWE Top 25

Szükséges nyelvtudás

Angol Tárgyalási

Elvárt végzettség

Felsőfokú

Szükséges főbb készségek

Igyekszik megfelelni
Hivatalos
Maximálisan képes figyelni a munkájára
Adatok alapján dönt
Szeret kezdeményezni
Leleményes
Magas szakmai minőség
Átlátja a rendszereket
Képes jól összpontosítani

Részletek

Overview

This position will be responsible for regular code reviews, improving the secure development and testing procedures, investigating reported product vulnerabilities and prioritizing remediation or mitigation efforts.

Responsibilities

  • Threat Modelling – work with the development teams to ensure that threat modelling is performed for all product updates and enhancements
  • Incorporate automated and manual security testing (SAST/DAST/SCA/fuzz testing) into all product pipelines. Perform manual penetration testing using advanced tools
  • Participate in the Product Security Incident Response effort for all One Identity products. Assess reported or discovered vulnerabilities and prioritize remediation.
  • Develop and/or improve, maintain, and monitor Secure Build infrastructure to ensure the security and integrity of application code delivered to customers
  • Work with development teams, and provide training to Security Champions and other R&D personnel to continue to shift security left
  • Maintain knowledge of application security related vulnerabilities, including cryptographic implementations and mitigation strategies

Qualifications

  • CISSP or equivalent required.
  • Experience with security testing tools.
  • Experience securing cloud applications and infrastructure, particularly in Azure
  • Working knowledge of C, C#, C++, Python, SQL, Powershell, Javascript, SQL
  • Extensive knowledge of cryptographic algorithms and key management practices
  • Deep knowledge of OWASP Top 10, CWE Top 25, common programming errors, and the ability to assist developers in preventing or correcting them
  • Able to gain trust from and communicate effectively with deeply technical software development engineers
  • Written and spoken fluency in English

Desirable skills:

  • CEH, OSCP, GPEN, CompTIA Pen-Test+ or equivalent certification
  • Deep experience with Coverity/Polaris, Whitesource, Acunetix, and numerous manual testing tools such as Burp Suite, Wireshark, SQLMap, NMAP, Metasploit, sandboxing tools, etc
  • Experience integrating security into an Agile environment
  • Ability to author and/or critique procedures, white papers, security guides

The ideal candidate is a highly-motivated individual who can work as part of a team or independently as required by the circumstances. Must have a strong interest and background in secure coding techniques, as well as the abilitiy to assess and appropriately prioritize security vulnerabilities. Deep experience using security testing tools and frameworks.

Company Description

One Identity enables organizations of all sizes to better secure, manage, monitor, protect, and analyze information and infrastructure to help fuel innovation and drive their businesses forward. With team members around the globe, we intend to continue to grow revenues and add value to customers.

When you join our team, you will have the opportunity to build and develop products at a scale few others can provide. Our product portfolio serves a large base of customers and we are addressing the strategic imperatives for enterprise businesses. Working with some of the most talented employees the industry has to offer, we provide enhanced career opportunities for team members to learn and grow in a rapidly changing environment.

Why work with us?

  • Life at One Identity means collaborating with dedicated professionals with a passion for technology.
  • When we see something that could be improved, we get to work inventing the solution.
  • Our people demonstrate our winning culture through positive and meaningful relationships.
  • We invest in our people and offer a series of programs that enables them to pursue a career that fulfills their potential.
  • Our team members’ health and wellness is our priority as well as rewarding them for their hard work.

One Identity is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: One Identity is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at One Identity are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. One Identity will not tolerate discrimination or harassment based on any of these characteristics. One Identity encourages applicants of all ages.

Overview

This position will be responsible for regular code reviews, improving the secure development and testing procedures, investigating reported product vulnerabilities and prioritizing remediation or mitigation efforts.

Responsibilities

  • Threat Modelling – work with the development teams to ensure that threat modelling is performed for all product updates and enhancements
  • Incorporate automated and manual security testing (SAST/DAST/SCA/fuzz testing) into all product pipelines. Perform manual penetration testing using advanced tools
  • Participate in the Product Security Incident Response effort for all One Identity products. Assess reported or discovered vulnerabilities and prioritize remediation.
  • Develop and/or improve, maintain, and monitor Secure Build infrastructure to ensure the security and integrity of application code delivered to customers
  • Work with development teams, and provide training to Security Champions and other R&D personnel to continue to shift security left
  • Maintain knowledge of application security related vulnerabilities, including cryptographic implementations and mitigation strategies

Qualifications

  • CISSP or equivalent required.
  • Experience with security testing tools.
  • Experience securing cloud applications and infrastructure, particularly in Azure
  • Working knowledge of C, C#, C++, Python, SQL, Powershell, Javascript, SQL
  • Extensive knowledge of cryptographic algorithms and key management practices
  • Deep knowledge of OWASP Top 10, CWE Top 25, common programming errors, and the ability to assist developers in preventing or correcting them
  • Able to gain trust from and communicate effectively with deeply technical software development engineers
  • Written and spoken fluency in English

Desirable skills:

  • CEH, OSCP, GPEN, CompTIA Pen-Test+ or equivalent certification
  • Deep experience with Coverity/Polaris, Whitesource, Acunetix, and numerous manual testing tools such as Burp Suite, Wireshark, SQLMap, NMAP, Metasploit, sandboxing tools, etc
  • Experience integrating security into an Agile environment
  • Ability to author and/or critique procedures, white papers, security guides

The ideal candidate is a highly-motivated individual who can work as part of a team or independently as required by the circumstances. Must have a strong interest and background in secure coding techniques, as well as the abilitiy to assess and appropriately prioritize security vulnerabilities. Deep experience using security testing tools and frameworks.

Company Description

One Identity enables organizations of all sizes to better secure, manage, monitor, protect, and analyze information and infrastructure to help fuel innovation and drive their businesses forward. With team members around the globe, we intend to continue to grow revenues and add value to customers.

When you join our team, you will have the opportunity to build and develop products at a scale few others can provide. Our product portfolio serves a large base of customers and we are addressing the strategic imperatives for enterprise businesses. Working with some of the most talented employees the industry has to offer, we provide enhanced career opportunities for team members to learn and grow in a rapidly changing environment.

Why work with us?

  • Life at One Identity means collaborating with dedicated professionals with a passion for technology.
  • When we see something that could be improved, we get to work inventing the solution.
  • Our people demonstrate our winning culture through positive and meaningful relationships.
  • We invest in our people and offer a series of programs that enables them to pursue a career that fulfills their potential.
  • Our team members’ health and wellness is our priority as well as rewarding them for their hard work.

One Identity is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: One Identity is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at One Identity are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. One Identity will not tolerate discrimination or harassment based on any of these characteristics. One Identity encourages applicants of all ages.