Senior Application Security Engineer
Athens, Greece
Applications have closed
Netcompany-Intrasoft
Netcompany-Intrasoft is a leading European IT Solutions and Services Group with strong international presence and expertise, offering innovative and added-value solutions of the highest quality to a wide range of international and national...Company Description
We are Netcompany-Intrasoft, a leading European IT Solutions and Services Group with strong international presence and expertise, offering innovative and added-value solutions of the highest quality to a wide range of international and national public and private organizations. More than 500 organizations in over 70 countries worldwide have chosen the company's services and solutions to fulfill their business needs.
For more information regarding our company, current projects, and openings around Europe, please consult our website: www.netcompany-intrasoft.com.
Job Description
We are looking for a Senior Application Security Engineer for our offices in Athens
A day in the life of a Senior Application Security Engineer
As a Senior Application Security Engineer, you will be part of the Information Security Department and you will drive the design, implementation, operation, and monitoring of the Secure Software Development Lifecycle roadmap of Netcompany-Intrasoft according to the business strategy and selected information security standards and best practices. Moreover, you will lead projects for the adoption of security by design principles in Netcompany-Intrasoft products and software development services, and enhance security assurance levels related to application security through DevSecOps culture and automation.
Your main duties will be:
- Define secure architecture patterns and secure design specifications together with software architects to guide software implementation
- Perform threat modeling in software architecture and software design artifacts prepared by software architects
- Lead research and investigation activities to propose implementation of application security controls at the code level
- Lead the execution of manual secure code review to identify and report security issues and weaknesses
- Lead the review of output from automated application security testing (e.g., SAST, DAST, SCA) and perform triage activities to assess relevancy of discovered vulnerabilities, rate their security impact and propose mitigation actions
- Lead scoped manual security verification assessments with specialized tools (e.g., Burp, ZAP Proxy, Postman and other) and prepare reports describing issues towards development teams
- Develop and deliver application security training activities and workshops
- Give presentations on technical application security topics towards internal development teams
- Evolve the implementation and configuration of scanning policies in DevSecOps tooling (e.g., SAST, DAST, SCA)
By joining Netcompany - Intrasoft, a leading IT company, you will be part of a hub of 1.700+ tech enthusiasts in Greece. You will work using cutting-edge technologies that contribute to the design and delivery of solutions and products for challenging, large-scale IT projects, that affect the lives of millions of citizens around the globe
Qualifications
If you have
- Bachelor Degree in Computer Science or Computer Engineering field;
- Master Degree in Information Security field or related work experience of 3 or more years
- Advanced skills in understanding workflows written in programming languages such as Java, C#, JavaScript and/or Python;
- Extended experience with identification and mitigation of OWASP Top 10 risks and CWE Top 25 vulnerabilities;
- Hands-on experience with secure design and security controls implementation in software applications that follow the micro-services architecture pattern;
- Practical experience performing threat modelling using relevant methodologies (e.g., STRIDE, PASTA, OCTAVE)
- Advanced technical knowledge in the following domains: HTML, CSS, URLs, DOM, Browser/Server Communication, Web & Application Servers;
- Technical knowledge in the following domains: Operating System Internals, Cloud Architecture, Container technology, Networking, Cryptography, Authentication mechanisms, Authorization controls, Input validation and DevSecOps;
- Good knowledge of security verification tools such as Burp Suite, ZAP, SonarQube;
- Good knowledge of risk measurement frameworks (e.g., CVSS, CWSS);
- Excellent command of the English language (C2 level).
…then this position is suitable for you!
It would also be a plus if you had
Any of the following qualifications will also be considered a great additional asset.
- Any Application Security certification, (e.g. CASE, CSSLP, CASS, CSP, GIAC Certified Web Application Defender).
- Any Information Security related certification, (e.g. CISSP, CEH, ISACA’s CSX, Microsoft AZURE Security Associate, AWS Certified Security Specialty).
- Any other Application Security Micro-Learning certification, (e.g., Burp Suite Certified Practitioner, Online Course Completion certifications by Udemy, HackTheBox, etc.)
- 2 or more years hands-on experience in Software Development
This position comes with
- Competitive compensation packages
- Continuous learning (with the most modern methods - unlimited access to Udemy for Business), and fast career growth
- Interesting and challenging tasks within large-scale projects
- An international dynamic within a fast-paced working environment
- The opportunity to work in a diverse environment with talented colleagues
Additional Information
We ensure equal opportunities, treatment, and consideration to all candidates. Discrimination based on sex, racial or ethnic origin, religion or belief, disability, age, sexual orientation or marital status, physical or mental disability, or any other factor protected by applicable laws and regulations is prohibited. At Netcompany-Intrasoft we respect human rights as part of our culture, and we focus on creating a positive workplace in which all employees are valued and where diversity and inclusivity are welcomed.
The safety and well-being of our employees remain our top priority. Please note that Netcompany-Intrasoft’s recruitment process is being conducted virtually due to preventive measures against the Covid-19 pandemic.
#LI-TM1
Our culture
Our people are the most important element of our success. Our work life is well defined by our set of fundamental Values: https://bit.ly/3SSbBzU
#BePartOfSomethingGreat!
*Please submit your CV in English
All applications will be treated as strictly confidential.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Automation AWS Azure Burp Suite C CEH CISSP Cloud Computer Science Cryptography CVSS DAST DevSecOps GIAC ISACA Java JavaScript Monitoring Octave OWASP PostMan Python SAST SDLC SonarQube Strategy Vulnerabilities
Perks/benefits: Career development Competitive pay
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs