Senior Security Engineer - remote

Netguru S.A.
Posted 9 months ago

We are looking for Senior Security Engineer to perform an audit in our client's company that includes:
  • risk assessment &threat modeling
  • consulting &architecture analysis
  • CI/CD pipeline hardening
  • extended security testing
  • cloud hardening
A Senior Security Engineer is delegated to complete the above-mentioned tasks, supporting the development team with tasks related to risk identification and mitigation.

It is an assignment for 4-8 man days / 8-16 man days with 50% engagement (4h/day).

Start date: 26.02.2024

Your responsibilities:

  • Consulting for commercial clients
  • Auditing and hardening of CI/CD pipelines and cloud-based infrastructures
  • Support for project teams in implementing the best security practices in the design, development, and maintenance of web and mobile applications
  • Conducting security audits, assessments, and pentests of web and mobile applications and cloud-based systems
  • Helping with implementation of security tools (i.e. vulnerability scanners, SAST, DAST etc.)
  • Performing security incident analysis, response, and remediation for cloud-based web applications
  • Upskilling other members of project teams

First, check if you have:

  • Hands-on experiencein the area of web application security;
  • Ability to conduct risk analysis and threat modelling based on known types of vulnerabilities and attacks on web and mobile applications;
  • Knowledge of best practices and standards in the field of software development (Software Development Life Cycle - SDLC) of web applications with particular emphasis on the principles of secure software development (i.e. OWASP ASVS);
  • Knowledge and experience in cloud security and best practices in an AWS/Azure/GCP environment;
  • Knowledge of techniques in the field of penetration testing (reconnaissance, vulnerability analysis, pentesting tools, reporting);
  • Very good command of written and spoken English (B2 +).

It would be nice if you have:

  • Experience with Linux administration, Docker, and cloud solutions like AWS or Azure;
  • Experience working with tools such as SAST and DAST, vulnerability scanners, patch-level verifiers, etc.
  • Technical security certifications;
  • Good knowledge of the CI/CD process and automation combined with its security assessment;
  • Experience in pentesting;
  • Experience in security for mobile applications;
  • Practical knowledge of security requirements as defined in documents such as GDPR, ISO 27001, HIPAA, PCI-DSS, PSD/PSD2.

What's in it
for you? Becoming a Netguru Freelancer means:

  • Flexibility: 100% remote work.
  • Professionality: dev-friendly processes, like Continuous Integration and Code Review, work in line with Agile methodology.
  • Diversity: projects from various industries like fintech, healthcare, insurance, or education.
  • Growth: work with a team of experts and continuous development of your hard and soft skills.
  • Knowledge: knowledge sharing sessions, internal knowledge base.
Curious to learn more about working as a Netguru freelancer? All the information you need is here: Netguru Talent Marketplace.