Senior Application Security Analyst

13 Ноября

Партнерские Вакансии

Компания "QuadCode"

About the Team

We are Quadcode, a fintech company excelling in financial brokerage activities and delivering advanced financial products to our global clientele. Our flagship product, an internal trading platform, is offered as a Software-as-a-Service (SaaS) solution to other brokers.

Now we are looking for a Senior Application Security Analyst to join our Application Security team, which provides services to ensure the security of in-house developed software, including threat analysis, architectural review, automated scanning, and manual checking.

In this role, you will play a crucial role in safeguarding Quadcode's digital products by designing and implementing advanced security measures. Working at the forefront of technology, your primary focus will be to identify, assess, and mitigate security vulnerabilities throughout our software development lifecycle.

You will work on applications developed in Golang, C++, TypeScript, and JavaScript, ensuring they are protected against potential threats and breaches. This is an exciting opportunity to work in a dynamic environment where you can make a significant impact by implementing the best security practices and collaborating with cross-functional teams.

If you have a strong grasp of security best practices, excel in risk assessment, and thrive in collaborative environments, we invite you to join us in creating secure, innovative solutions that will enhance Quadcode's security processes.

The team consists of 2 professionals: an Application Security Analyst, and a Team Leader.

We work with Agile and Scrum methodologies, including 2-week sprints, grooming, planning, and retrospectives, as well as the SAFe framework. Our team utilizes Google Meet, Slack, TargetProcess, Wiki, and Confluence for collaboration. We operate in the EET/EEST time zone.

Tasks

• Work with development teams using a shift-left approach to integrate security best practices into the SDLC;
• Conduct security reviews at the design stage and prior to product deployment for both existing and new services;
• Integrate and maintain security processes and tools (SAST, SCA, DAST) within development pipelines;
• Develop and maintain a security architecture blueprint; Define and uphold information security requirements for products;
• Conduct penetration testing, simulating real-world attack scenarios;
• Manage the Bug Bounty program by processing reports from external researchers and overseeing the remediation of vulnerabilities;
• Lead developer awareness programs to educate teams on common security pitfalls;
• Support AppSec tools and services, and engage in research and development (R&D) for SDLC protection methodologies;
• Conduct security risk assessments and threat modeling for applications.

Requirements

• 3–5 years of proven experience as an Application Security Analyst or in a similar role within application security;
• 3+ years of experience with software development methodologies and secure coding practices;
• Strong understanding of common application vulnerabilities, attack vectors, and mitigation techniques;
• 2+ years of experience with security standards and frameworks, such as PCI-DSS and GDPR;
• 2+ years of experience with security tools, including SAST, SCA, DAST, and penetration testing tools;
• Proficiency in at least one programming language, such as Python or Go, with a minimum of 2 years of experience;
• English proficiency at B1+ level (ability to read technical documentation and communicate with international teams);
• Fluent in Russian (at least C1 level).

Nice to have

• OSCP, ISC2 such as CISSP, CCSP or Cloud security certifications are nice-to-have and provide a competitive advantage for the candidate;
• Successful participation in Bug Bounty programs;
• CTF experience;
• Familiarity with OWASP Testing Guide, OWASP Code Review Guide, OWASP Secure Coding Practices;
• Experience working with and supporting HashiCorp Vault;
• Experience with network vulnerability scanners (Nessus, XSpider, MaxPatrol, etc.).

We offer

• Full-time remote work as a Service Provider in the following countries: Bulgaria, Georgia, Belarus, Hungary, Romania, Latvia, Lithuania, Moldova, Azerbaijan, Armenia, Kyrgyzstan, Uzbekistan, Greece, Croatia, Montenegro, Serbia, Kazakhstan, Slovenia, Russia, Cyprus, and Estonia (a valid residence permit is required);
• Competitive remuneration;
• Professional courses;
• Friendly, enjoyable, and positive environment.

Currently, over 700 employees and service providers are stationed across its seven global offices located in the UK, Gibraltar, the UAE, the Bahamas, Australia, and the headquarters in Cyprus. By broadening its international presence, Quadcode presents a myriad of intriguing tasks and challenges for professionals like developers, market research analysts, and PR marketing specialists, among others.

Join us today, and let's shape the future of fintech together!

Note: All applications will be treated with strict confidence. We thank all applicants for their interest, however, only those candidates selected for interviews will be contacted.