Overview:
SOFTSWISS continues to expand the team and is looking for an Application Security Engineer. We need a true, experienced, and accomplished professional who shares our culture and values.
Our goal is to make sure that we deploy secure software to production without unnecessary bottlenecks, that applications are properly hardened, and that security vulnerabilities, once discovered, are fixed by the developers.
As an Application Security Engineer, you will play a crucial role in ensuring the security of our applications throughout the entire software development lifecycle (SDLC). You will partner closely with the product teams to identify, analyze, and mitigate security vulnerabilities, contributing to the creation of trustworthy and robust products.
Security Team:
SOFTSWISS Security Team takes care of iGaming services protection, data privacy, and business continuity to ensure that nothing distracts satisfied customers from using our products. We work closely with the IT team that develops and supports our services, and together we create genuinely excellent and secure iGaming products.
Key responsibilities:
- Plan, design, implement, automate, and (if you wish) support AppSec tools.
- Contribute to building company-wide processes for secure code development and deployment.
- Assess products and new features through risk assessment, threat modelling, and manual security testing with a white box approach.
- Triage identified security vulnerabilities, provide clear and actionable descriptions, and ensure these findings are properly addressed and mitigated.
- Manage the bug bounty program, and collaborate with researchers and internal teams to resolve the discovered vulnerabilities.
- Partner with Dev/QA teams throughout the development lifecycle to enhance the security posture of the application by providing expert consulting, knowledge sharing, and clear security requirements.
Requirements:
- 2+ years of experience in the information security field, with at least 1 year of experience in application security.
- Knowledge of secure development processes and best practices.
- General web application security knowledge (e.g., how the web actually works, what SOP is, why we need CORS, and what CSP is).
- Practical knowledge of common web application vulnerabilities (e.g., OWASP Top 10), and how to detect and prevent them.
- Knowledge of secure system/application architecture and design principles.
- Understanding of modern threats to high-performance web applications that are used by millions of users daily.
- Practical, hands-on experience in security assessments (penetration testing and code review).
- University degree in Computer Science, Information Security, or related field, or equivalent combination of education and experience.
- Intermediate or higher English and Russian (B1+).
Nice to have:
- Passion for programming.
- Technical knowledge of network and operating systems security.
- Hands-on DevSecOps experience.
- Practice of participation in bug bounty programs and/or CTFs.
- Deep knowledge of SAST/DAST tools, including customisation.
- Relevant certifications (e.g., OSWE, GWEB).