[TMP] (Senior) Product Security Engineer

Our mission at Netguru is to help entrepreneurs and innovators shape the world through beautiful software. We care about trust, taking ownership, and transparency. As a Certified B Corporation®, we offer a safe, inclusive and productive environment for all team members, and we’re always open to feedback. If you want to work from home and be a full time employee, great! We want to create the right opportunities for you.

Working with Netguru means:

• Consulting for commercial clients
• Building a security strategy for the product based on requirements and an agile development approach;
• Implementation of Security in Software Development LifeCycle (S-SDLC)
• Assessment and hardening of CI/CD pipelines and Cloud-based infrastructures
• Support of project teams in implementing the best security practices in the design, development, and maintenance of web and mobile applications;
• Conducting security audits, assessments of web, cloud-based applications and systems
• Helping with implementation of security supporting tools (i.e. vulnerability scanners, SAST, DAST, Web Application Firewalls, Anti-DDoS IDS/IPS, etc.)
• Performing security incident analysis, response, and remediation for Cloud-based Web Applications;
• Educating other members of project teams;

Requirements

• Experience in applying best security practices in cloud infrastructure with a focus on cloud-native solutions.
• Experience with security in web applications;
• Experience in security assessment of web applications (vulnerability analysis, pentesting tools).
• Good knowledge of the CI/CD process and automation combined with its security assessment;
• Experience in working with SAST, DAST, and/or vulnerability scanners.
• Ability to conduct risk analysis and threat modeling based on known types of vulnerabilities and attacks on web applications.
• Familiarity with tools used in secure software development processes and secure coding practices (eg. OWASP ASVS, Proactive Controls, etc.).
• Good command of written and spoken English (at least B2+).

Nice-to-haves:

• Experience with Linux administration, Docker, and cloud solutions like AWS or Azure
• Experience working with tools such as WAF, VPN, SAST and DAST, vulnerability scanners, patch-level verifiers, etc.
• Experience with development teams;
• Technical security certifications
• Experience in pentesting
• Experience in security for mobile applications
• Good knowledge of containerization (Docker) and container orchestration (Kubernetes) with an emphasis on security
• Thought leadership artifacts (speeches made at meetups, conferences)
• Practical knowledge of security requirements as defined in documents such as GDPR, ISO 27001, HIPAA, PCI-DSS, PSD/PSD2

Benefits

• 100-percent remote work;
• work with an experienced team of developers and continuous development of your hard and soft skills;
• a mentor who will assist you during your first days;