Application Security Engineer

Company Description

The Veeam Quality Assurance team invites you to work on Veeam’s products and to learn from Veeam QA professionals.

Veeam creates software products to solve complicated tasks in the areas of data protection and management. We work with VMware vSphere, Microsoft Hyper-V and Nutanix AHV virtualization platforms; Windows, Linux and Unix operating systems; Active Directory, Exchange, SharePoint, SQL, Oracle and SAP HANA servers and databases; Amazon, Azure and Google public clouds; and many other technologies forming the core of the modern IT-world.

Job Description

Your tasks will include:

• Threat modeling and design reviews for new and existing Veeam products;
• Conducting manual source code security audits;
• Using automated application-analysis tools;
• Manually testing products in terms of their security (penetration testing);
• Analyzing and discussing requirements, interacting with all participants in the development process;
• Participating in the creation and development of each product at all stages of its life cycle.

Qualifications

To be successful, you will need:

• 1–2 years of experience in application security, in testing or software development;
• Knowledge in the field of information security, threat classification (SQL Injections, CSRF, DDoS, etc.), and countermeasures;
• Knowledge of one or more programming languages: C/C++/C#/JavaScript;
• A good understanding of the principles of secure software development;
• Administration skills in Microsoft Windows, Linux or Unix;
• A desire to develop in the field of application security;
• A lively and flexible mind, clear logic, and analytical skills;
• The desire and ability to work as part of a team;
• A willingness to relocate to the company’s R&D office in the Czech Republic;
• Good verbal and written communication skills in English.

Additional skills:

• Knowledge of scripting languages (Python, PowerShell, Bash, Ruby, etc.);
• Knowledge of modern cryptographic algorithms;
• Experience with DAST and SAST tools;
• Skills using OWASP ZAP, Burp Suite, Kali Linux tools;
• Certifications such as OSCP, CEH, CSSLP, etc.

Additional Information

We offer:

• Excellent professional and career opportunities in the international team of talented and energetic people.
• Welcome bonus (in amount of 2 monthly gross salaries).
• Flexible working hours, no bureaucracy or formalism.
• Professional trainings and education, including courses and conferences, internal meetups and unlimited access to online library.