Application Security Engineer

  • Infobip
  • Zagreb, Croatia
  • 20/11/2021
Full time

Description

Every great company’s success starts with having a great product. To write our success story, it is essential that our global, cloud-based products are supported by a stable infrastructure. As an Application Security Engineer, you will have an impact on the security aspects of the infrastructure and the full application stack that make up the Infobip platform in multiple environments (dev, staging, production), dealing with the challenges of protecting the security posture of a complex multi-data-center architecture and continually improving it.

You know you are doing a good job when:  

  • Tools owned by Security team are managed and maintained to support the Infobip platform SLA.  
  • Vulnerabilities are detected early and mitigated in a timely manner.  
  • You help engineering teams by performing security assessments of their products, in which you identify, quantify and help mitigate security flaws early in all phases of the product development process.
  • You work with software development teams and enjoy finding and fixing security bugs.
  • Comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement are written.  
  • Tools to assist in detection, prevention and analysis of security threats are properly implemented and updated regularly.  

Qualifications

You possess at least:  

  • Understanding of the OWASP Top 10, SANS 25 and/or CWE 25.  
  • Ability to perform penetration testing (applications, lateral movement, and network), with focus on Web applications.  
  • Ability to perform security audit of different internal products.   
  • Ability to advise other development teams on how to fix their code based on the vulnerabilities found.
  • Ability to assist with code reviews.
  • Knowledge of CI/CD  
  • Familiarity with cloud infrastructure and with how to conduct penetration testing activities inside a cloud environment, especially AWS/Azure.
  • Understanding that goes beyond the OWASP Top 10, shown by explaining the level of risk to the business.
  • Experience in software development/scripting, building and integrating tools, especially using web APIs to support automation of security tools.
  • Experience in securing a micro-service architecture.  
  • Ability to participate in the organization and follow-up of our partners' external penetration testing campaigns.
  • Development experience with Python, Java, .NET, JavaScript (Node/React), and/or Go  

Also:  

  • You adapt fast and like working in a fast-paced environment.
  • You build positive, lasting relationships with colleagues in the team.  
  • A degree in Computer Science, IT, Systems Engineering or a related qualification.  
  • Security certifications, publications, and/or security project contributions are a plus.
  • Experience with popular system virtualization and application containerization technologies.
  • The knowledge needed to participate in incident response and analysis.

Additional Information

Why do our employees choose us (and stay)?

  • Never a dull moment – We work with powerful companies with strong impact, which pushes us to work on the highest possible level. Work on uncharted challenges and push boundaries on a daily basis. 
  • Opportunity Knocks. Often. – Being a part of a growing company in a growing industry – we challenge you not to grow!  
  • Grow your knowledge – Learn as you go, starting from the internal education and onboarding from your colleagues, e-learning and more. Knowledge is for sharing, and learning is a path to growth. 
  • Compensation & Benefits – Competitive salary, travel allowance, expatriate compensation packages for your business trips, rewards and holiday bonuses, team buildings and other organized activities, company library, organized sports, kitchen stocked with the usual suspects... Talk about a balanced lifestyle! 

We do not ask for any fees (refundable or non-refundable) at any stage of the job application and/or recruitment process. We therefore appeal to job seekers not to respond to any such requests.
