Vacancy: AppSec Engineer
Job description
About HRS
HRS is Oracle's largest hospitality partner worldwide, providing coverage in 90 countries to more than 10,000 customers. Recognised as an official Oracle Hospitality Partner, HRS offers its customers a wide range of innovative solutions, including Property Management, POS, Spa & Guest Activities, Mobile Applications, and more.
MAIN REQUIREMENTS:
- 1 year+ experience in AppSec/DevSecOps.
- Information security tools experience (SAST, DAST, IAST, Secret Management, WAF etc.).
- Technical skills in vulnerability detection and security analysis of web and mobile applications.
- Knowledge of AppSec and DevSecOps standards and best practices.
- Experience with UNIX/Linux and understanding of the internal OS security mechanisms.
- Knowledge of network technologies and protocols, understanding of the principles of configuring local networks (TCP/IP, DNS, routing, DHCP, NAT, Proxy, principles of firewall operation).
The following will be beneficial:
- Participation in a Bug Bounty program and up-to-date CTF participation (preferred).
- Experience with version control systems (Git) and continuous integration (GitLab CI).
- Knowledge of Java.
- Knowledge of Python or any other scripting language.
- Knowledge of Docker.
- Knowledge of integration or use of SIEM/XDR, PAM, IAM.
- Skills in bare metal security, virtual machines, hypervisors, computer infrastructure and system security (k8s hardening, runtime security, Network policies, RBAC, secret management, container security).
- Skills in information security incident investigation.
MAIN RESPONSIBILITIES:
Primary task - Implement and maintain AppSec processes:
- Cooperate with developers, embed automated controls into development lifecycles, perform code analysis, maintain knowledge base.
- Analyze the security of web and mobile applications within the AppSec process and at the request of business units and product development teams.
- Develop AppSec technical tools to improve the efficiency of the secure development process (static and dynamic code analyzers, web application vulnerability scanners, self-made scripts).
- Develop technical measures to protect applications using the Web Application Firewall and built-in protection mechanisms.
- Present security testing tool reports to developers, explain the details of detected problems, provide remediation recommendations, and monitor vulnerability fixes.
- Participate in certification processes.
- Classify ready-made applications and define regulatory requirements for ensuring information security of ready-made and production applications.
Supplementary tasks - Participate in the development and implementation of information security processes to reduce information security risks, such as:
- Implementation and use of information security tools.
- Implementation of a single sign-on structure and IAM, PAM integration.
- Assistance in event monitoring and in incident investigation related to application security.
LANGUAGE REQUIREMENTS:
- Advanced English, both written and spoken.
Compensation and Benefits
- Extensive opportunities for professional growth within a fast-growing company.
- Be part of a multinational company that employs dedicated, enthusiastic professionals.
- A compensation package consisting of a fixed salary and extensive benefits.