Application Security Engineer
Forex Club is a product company. Our mission is to provide the opportunity for everyone to play, learn and trade. We've been helping our clients to trade stocks, currencies, indices, commodities, gold, oil, gas and agriculture.
Now we are looking for an Application Security Engineer to join our sunny office in Montenegro.
DevOps and SDLC
- Work with development and QA teams to assure secure development practices
- Provide and adopt security best practices to DevOps processes
- Assist QA in developing security test cases.
- Assist Engineering teams with code review and code security.
- Implement static code analysis tools to identify possible security breaches
- Develop key indicators of malicious activities and ensure mitigation and detection measures are designed and built into applications
- Develop security metrics and measurement for application security and SDLC security activities.
- Development and customization of our monitoring tools
- Working with web application firewall (WAF) alerts
- Regularly perform vulnerability testing and provide consistent process to fix found vulnerabilities
- Internal and external bug bounty programs
- Combined experience with both a detailed technical knowledge and hands-on practice working in application and network security, penetration testing, secure software development and/or QA.
- Advanced knowledge of web architectures, web applications, REST APIs, mobile applications, desktop applications, and the underlying technology of cloud infrastructure.
- Knowledge of cloud web, mobile, and client application security vulnerabilities, attack methods, and countermeasure techniques.
- Programming skills enough to create and adopt secure tools in accordance with our needs
- Experience leading code reviews, pen-tests, or similar projects.
- Experience bringing security designs and secure development practices into Agile development environments
- Expert knowledge of secure application architectures, encryption technologies, cryptography and key management, authentication and control of application permissions, and implementation of same.
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, SIP, RTP) and security capabilities.
- Experience with fraud, Data Privacy regulations, PCI DSS, Sarbanes Oxley, ISO 27001/27002, ISF and other security frameworks will be a plus.
- language skills: Fluency in either English or Russian, proficiency in both an advantage
- Work in the reliable and stable well-known company
- We offer to work closely with team of product owners and developers who support and develop our flagship product, The Libertex, for international markets, including Latin America, CIS, Europe and Asia
- European Office (Serbia, Belgrade)
- Competitive salary and bonus
- Work in the friendly professional team
- Unique international corporate culture