Application Security Engineer (Cyber Security Team)
București, Romania
Acronis
Acronis provides award-winning backup software & data protection solutions for consumers, businesses & MSPs. Protect your sensitive information!As Acronis is dedicated not just to Cyber Protection but to the general protection of its potential and current employees, recruitment and onboarding process are being held online during the current global COVID-19 situation.
Acronis leads the world in cyber protection - solving safety, accessibility, privacy, authenticity, and security (SAPAS) challenges with innovative backup, security, disaster recovery, and enterprise file sync and share solutions that run in hybrid cloud environments: on-premises, in the cloud, or at the edge. Enhanced by AI technologies and blockchain-based data authentication, Acronis protects all data, applications and systems in any environment, including physical, virtual, cloud, and mobile.
With dual headquarters in Switzerland and Singapore, Acronis protects the data of more than 5 million consumers and 500,000 businesses in over 150 countries and 20 languages.
People entrust Acronis with their data. We are responsible for keeping it safe and this constitutes the essence of the application security researcher job. The application security team works to make Acronis applications more secure against all kinds of threats. You will work with good guys on their responsible disclosure. You will find security bugs before bad guys do it. Together with the development team, you'll change development processes and practices to ensure that such kinds of bugs will never appear in our code again. You will monitor the attacks and respond to them. You will create novel solutions to detect and advanced approaches to protect
applications.
RESPONSIBILITIES:
- Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
- Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
- Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
- Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation
- Your typical day will look like:
- A call or two with Development, Product Management teams to discuss security-related issues
- Review of new tickets @ http://hackerone.com/acronis.
- Penetration test of new features
- Work with the Infrastructure Security and Security Compliance teams on projects like security hardening of existed
components. - Helping other security teams with expertise, knowledge, and advice
SKILLS & EXPERIENCE:
- 2+ years experience in Application Security
- Strong knowledge of the modern web/ mobile/ network security
- Basic programming skills with Go or Python
- Any public researchers, tools, disclosed tickets are a big plus
- Readiness to answer in an interview the following questions:
- What is the Same Origin Policy? Share your knowledge about Cross-site scripting contexts
- Describe any attack like SQL injection, XXE, SSRF, or any other. Suggest right fixes and possible bypasses(Windows Security) Your opinion about LPE from Admin to the System user
- How to count possible compromised accounts?
- To write a simple exploit or a few lines of code that allows checking some kind of attacking vector
- At least Upper-intermediate level of English
WE OFFER:
- Attractive remuneration
- Sport card
- Meal vouchers
- Supplemental Health insurance
- Tickets for conferences and seminars
- Challenging atmosphere and interesting projects
- Future career development in a multinational company
#LI-RK1
Tags: Application security Blockchain Cloud Compliance Exploit Network security Privacy Python Scripting SQL SQL injection SSRF Vulnerabilities Windows XSS
Perks/benefits: Career development Conferences
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Product Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs