Application Security Engineer

Описание

As Acronis is dedicated not just to Cyber Protection but to the general protection of its potential and current employees, recruitment and onboarding process are being held online during the current global COVID-19 situation.
Acronis leads the world in cyber protection - solving safety, accessibility, privacy, authenticity, and security (SAPAS) challenges with innovative backup, security, disaster recovery, and enterprise file sync and share solutions that run in hybrid cloud environments: on-premises, in the cloud, or at the edge. Enhanced by AI technologies and blockchain-based data authentication, Acronis protects all data, applications and systems in any environment, including physical, virtual, cloud, and mobile.

With dual headquarters in Switzerland and Singapore, Acronis protects the data of more than 5 million consumers and 500,000 businesses in over 150 countries and 20 languages.

People entrust Acronis with their data. We are responsible for keeping it safe and this constitutes the essence of the application security researcher job. The application security team works to make Acronis applications more secure against all kinds of threats. You will work with good guys on their responsible disclosure. You will find security bugs before bad guys do it. Together with the development team, you'll change development processes and practices to ensure that such kinds of bugs will never appear in our code again. You will monitor the attacks and respond to them. You will create novel solutions to detect and advanced approaches to protect
applications.

RESPONSIBILITIES:

Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation
Your typical day will look like:
A call or two with Development, Product Management teams to discuss security-related issues
Review of new tickets @ http://hackerone.com/acronis.
Penetration test of new features
Work with the Infrastructure Security and Security Compliance teams on projects like security hardening of existed
components.
Helping other security teams with expertise, knowledge, and advice

SKILLS & EXPERIENCE:

2+ years experience in Application Security
Strong knowledge of the modern web/ mobile/ network security
Basic programming skills with Go or Python
Any public researchers, tools, disclosed tickets are a big plus
Readiness to answer in an interview the following questions:
What is the Same Origin Policy? Share your knowledge about Cross-site scripting contexts
Describe any attack like SQL injection, XXE, SSRF, or any other. Suggest right fixes and possible bypasses(Windows Security) Your opinion about LPE from Admin to the System user
How to count possible compromised accounts?
To write a simple exploit or a few lines of code that allows checking some kind of attacking vector
At least Upper-intermediate level of English

WE OFFER:

Attractive remuneration
Public Transport Support
Multisport card
Additional Health & Dental insurance
Annual paid leave of 25 working days
Free fresh fruits in the office
Free drinks (Coffee/Tea/Water)
Free parking slot
Tickets for conferences and seminars
Challenging atmosphere and interesting projects
Future career development in a multinational company
Offsite events and parties
#LI-RK1

Изисквания към кандидата

Езикови познания:
Английски език

Трудов опит:
С професионален опит над 3 г.

Образование:

Ние предлагаме

Вид заетост:

Срок на заетост:

Договор:

Ниво в йерархията:
Експертен персонал без ръководни функции

Категория:

ИТ и Компютърни специалисти

Държава:

България

Населено място:

Гр. София

Адрес:

гр. София, ул. Сан Стефано 22, ет. 3

Дата:

28.09.2023

Организация:

Acronis
Фирма/Организация - Директно търсеща служители

Детайли за организацията:

Повече информация за Acronis може да получите ТУК