We are looking for a Junior Application Security Engineer for our offices in Athens
A day in the life of a Junior Application Security Engineer
As a Junior Application Security Engineer, you will be part of the Information Security Department. You will participate in the design, implementation, operation, and monitoring of the Secure Software Development Lifecycle roadmap of Netcompany-Intrasoft according to the business strategy and selected information security standards and best practices, support the application of security-by-design principles across Netcompany-Intrasoft products and software development services, and enhance security assurance levels related to application security through DevSecOps culture and automation.
Your team's main duties are:
- Performing manual secure code review to identify and report security issues and weaknesses
- Reviewing output from automated application security testing (e.g., SAST, DAST, SCA) and performing triage activities to assess the relevancy of discovered vulnerabilities and rate their security impact
- Performing research and investigation to propose solutions in mitigating security vulnerabilities, at the application and code level, discovered by manual and automated security testing assessments
- Performing scoped manual security verification assessments with specialized tools (e.g., Burp, ZAP Proxy, Postman and others) and preparing reports describing issues for development teams
- Reviewing software architecture and design documentation to determine security threats and risks, and developing test cases for manual security testing assessments
- Participating and contributing to application security training activities and workshops
- Giving presentations on technical security topics to internal development teams
- Supporting the implementation, configuration, and continuous tuning of scanning policies in DevSecOps tooling (e.g., SAST, DAST, CA)
- Supporting the automation of task execution related to DevSecOps tooling by developing scripts
By joining Netcompany-Intrasoft, a leading IT company, you will be part of a hub of 1.700+ tech enthusiasts in Greece. You will work using cutting-edge technologies that contribute to the design and delivery of solutions and products for challenging, large-scale IT projects that affect the lives of millions of citizens around the globe.
- Desired qualifications (e.g., final-year student/graduate, department, foreign languages, etc.):
If you have
- Bachelor's degree in the Computer Science or Computer Engineering field;
- Master's degree in the Information Security field, or 1 or more years of practical experience in the Information Security domain;
- Ability to understand workflows written in programming languages such as Java, C#, JavaScript and/or Python;
- Experience with OWASP Top 10 risks and CWE Top 25 vulnerabilities and discovering these vulnerabilities in assessment targets;
- Knowledge in at least one of the following domains: HTML, CSS, URLs, DOM, Browser/Server Communication, Web Servers;
- Knowledge in at least one of the following domains: Operating System Internals, Cloud Architecture, Container technology, Networking, Cryptography, Authentication mechanisms, Authorization controls, Input validation or DevSecOps;
- Knowledge of exploitation techniques related to at least three of the following vulnerabilities: XSS, SQLi, IDOR, SSRF, CSRF, HTTP Header Smuggling;
- Knowledge of security verification tools such as Burp Suite, ZAP, SonarQube;
- Knowledge of risk measurement frameworks (e.g., CVSS, CWSS);
- Excellent command of the English language.
…then this position is suitable for you!
It would also be a plus if you had
Any of the following qualifications will also be considered a great additional asset.
- Any Application Security certification (e.g., CASE, CSSLP, CASS, CSP, GIAC Certified Web Application Defender).
- Any Information Security related certification (e.g., CISSP, CEH, ISACA’s CSX, Microsoft AZURE Security Associate, AWS Certified Security Specialty).
- Any other Application Security Micro-Learning certification (e.g., Burp Suite Certified Practitioner, Online Course Completion certifications by Udemy, HackTheBox, etc.).
- 1 year or more of hands-on experience in Information and Technology security domains.
- 1 year or more of hands-on experience in Software Development.
This position comes with
- Competitive compensation packages
- Continuous learning (with the most modern methods - unlimited access to Udemy for Business), and fast career growth
- Interesting and challenging tasks within large-scale projects
- An international dynamic within a fast-paced working environment
- The opportunity to work in a diverse environment with talented colleagues
If you are interested in this posting, please complete the CV Submission Application, attaching your curriculum vitae.