Application Security Engineer

Responsibilities

• Demonstrated ability to collaborate with other teams to achieve complex objectives.
• Responsible for security architecture design from cloud infrastructure to application through the implementation of "secure by design" principles.
• Collaborate with product managers, architects, and developers on the implementation of the security controls platform ecosystem and products.
• Proof security implementations within infrastructure and application deployment manifests and the CI/CD pipelines.
• Define required policies, controls, and capabilities for the protection of products and environments.
• Build and validate declarative threat models automation.
• Participate in engineering teams’ product planning cycles and committees.
• Oversee the product security aspects for migration of products and services from Data Center to public cloud, e.g., AWS.
• Serve as a trusted Cyber Security advisor to product and application teams.

Minimum requirements

• Experience integrating security scanning/tooling into development pipeline.
• Experience in analyzing and securing microservices and applications developed using JavaScript and TypeScript.
• Experience with CI/CD pipelines (such as GitLab, Jenkins) and infrastructure-as-a-code models (such as Terraform, Helm, or CloudFormation).
• Hands-on development experience in Python/Shell scripting.
• Strong understanding of supply chain security, software integrity, and secure software delivery.
• Experience with docker and mesh technologies (such as ISTIO).
• Experience with architecture and security reviews, threat modeling and applications risk highly desired.
• Experience working with Agile-methodologies.
• Knowledge of privacy laws and regulations, such as GDPR desired.
• Familiarity with industry regulations, frameworks, and practices. For example, PCI, ISO 27001, NIST, etc.

Preferred qualification

• In-depth experience with architecting secure services on Kubernetes.
• Extensive experience with architecting secure services on AWS or on-prem data centres.
• Security-related professional certifications e.g., CISSP, CISM, CCSK, CCSP, CEH is highly desirable.

We offer excellent benefits, including but not limited to

• Learning and development opportunities and interesting, challenging tasks.
• Official employment in accordance with the laws of Cyprus and the EU, registration of family members.
• Relocation package (tickets, staying in a hotel for 2 weeks).
• Company fitness corner in the office for employees.
• Opportunity to develop language skills and partial compensation for the cost of language classes.
• Birthday celebration present.
• Time for proper rest and 24 working days of Annual Vacation.
• Breakfasts and lunches in the office (partially paid by the company).

Join BrainRocket and rock with us!