Senior Security Engineer (SAST DAST Pen Testing) (Hybrid/Remote) (w/m/d)

Frankfurt, Germany

Full Time Senior-level / Expert USD 107K - 149K *

Ivanti

Ivanti provides solutions for IT asset management, IT service management, endpoint security, supply chain management & more. Discover the power of unified IT management when you get in touch with us today.


Who We Are

Ivanti is a global leader in IT systems and security management, service management, asset management, and mobility management and security solutions - helping organizations reduce risks and costs associated with managing their IT environment.

Ivanti is experiencing significant growth worldwide. The company has received numerous awards for being a Top Place to Work, as well as many accolades for the products it develops. Our customer focus strategy is driven by the company’s core values, including innovation, accountability, teamwork, and trust. It's an exciting time to join Ivanti.

Looking for more than just a job? We like developing our people just as much as we like developing great products and services.

If you’re passionate about what you do, are a champion of customer satisfaction and success, and interested in developing solutions that make a difference and in having fun while doing it, Ivanti is the place for you!

 

What We Do

  • Empower users to seamlessly and securely connect from any place in the world that offers air, water and… Internet!
  • Equip organizations with the right tools to configure access, manage and enforce compliance with a holistic view on network, users and usage.
  • Empower organizations to continue to breathe easy, now with an added sense of invincibility.
  • Work hard so that you can focus on the things you want to!

 

Who you are

  • Innate curiosity and ability to learn. Individuals should be confident in picking up new technologies and pivoting when the role requires, given the fast-paced agile development environment we support.
  • Critical thinking and troubleshooting are paramount. Practical, creative solutions to difficult problems are key.
  • Passion for security. We’re looking for people who genuinely care about working to create a secure product with modern, agile-facing practices.

 

What You'll Do

  • Develop a broad and deep technical understanding of products, services and architectures.
  • Leverage this understanding to conduct architecture reviews, threat modelling and code reviews on web applications, mobile applications and other relevant services.
  • Work with developers to refine security checkpoints in the development cycle that are based on industry-accepted security standards, and represent Security Platform in development at various stages of the SDLC.
  • Interpret security tools and penetration testing results to stakeholders, providing advice on vulnerability remediation and risk mitigation.
  • Create relevant documentation and metrics for your stakeholders and business leaders and deliver these in a clear, concise manner.
  • Research and maintain proficiency in attacker Tools, Techniques, Procedures and other security topics.
  • Propose and develop training materials to help raise the security bar across the organization.
  • Develop innovative and scalable tools, solutions, and processes to enhance product security operations.

 

What You’ll Need To Be Successful

  • 5+ years of experience in web application security, SSDLC, Threat Modeling
  • Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
  • Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
  • Passion for understanding and researching vulnerabilities and exploitation techniques
  • Knowledge of development and integration tools and technologies (e.g. CI/CD)
  • Knowledge of test automation frameworks and how they can be brought to bear for security QE
  • Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
  • Ability to work in a self-directed environment that is highly collaborative and cross-functional
  • Educate application developers to enhance quality of security in the code
  • Programming knowledge with Java web application & Python
  • Knowledgeable regarding backend security topics such as secret management and service authentication
  • Perform penetration tests and coordinate third-party vendor Pen Tests
  • Rating the severity of defects and publishing comprehensive reports detailing associated risks and mitigations

 

What Would Be Nice To Have

  • B.S. Computer Science or similar combination of education and experience
  • Strong software development exposure (Java, iOS and Android APIs, Web, Python)
  • Good communication skills
  • Have an excellent working knowledge and ability to educate others on common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
  • Have experience in web, database, information and/or infrastructure security
  • Know and love learning about the latest security tools, infrastructure, and industry best practices
  • Enjoy working across and being a resource for other engineers and sharing your knowledge of secure coding practices
  • Experience in authentication and authorization: SAML, OAuth, LDAP, AD, etc.
  • Sound understanding of app security vulnerabilities, defense techniques and security best practices, including language-specific security measures and present-day threats

 

At Ivanti, we are One. One Company, formed from many. One people, formed by an environment of mutual respect and trust made up by people working together without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by law. As a global company, we believe that diversity and inclusion among our team members is critical to our success and we proactively strive to recruit, develop and retain the best and brightest people from the most diverse candidate pools we can find all over the world.


* Salary range is an estimate based on our salary survey at salaries.infosec-jobs.com
Job perks/benefits: Career development
Job regions: Remote/Anywhere Europe
Job countries: Germany United States