Application Security Engineer
CENSUS SA
- Greece
- Permanent
- Full-time
- Executing end-to-end security posture assessments for a wide range of applications (mobile, web, cloud, special purpose, etc.), via source code auditing, functional testing, fuzz testing, reverse engineering, and other methodologies.
- Reviewing product security designs, supporting threat modelling activities, documenting missing security controls, and driving analysis for security enhancements.
- Researching, reviewing, comparing, and proposing technologies that can satisfy the client's established requirements, and aligning with their strategies.
- Validating CI/CD pipelines and auditing deployment configurations across various hosting environment models (native, hybrid, etc.).
- Verifying that the implemented output is aligned with the products' security architecture, requirements, and threat model.
- Documenting and presenting product security risks in both technical- and business-oriented language.
- MSc or BSc in Electrical Engineering, Computer Science, Computer Engineering, or equivalent practical experience.
- 2+ years of experience in application security (mobile, web front-end, backend, full-stack, special purpose applications, etc.) related roles. Experience can be an engineering / development position (e.g., consumer or enterprise), an assessment / consultancy role, an equivalent role in other engineering organizations, or a combination of them.
- Proven experience in developing, auditing, or testing security solutions at the application level for mobile, web / cloud, embedded / IoT or special purpose computing platforms.
- Experience in identifying and reporting security vulnerabilities on software running on web / cloud, mobile or IoT platforms (OWASP Web / Mobile Top10 vulnerabilities, input validation, injection attacks, data encryption, transport layer protections, insecure configurations, secrets management, etc.).
- Experience in reading and comprehending source code, discerning business logic pitfalls, and identifying security flaws in at least one of the following groups of languages:
  - Mobile-relevant, such as Swift, Obj-C, Kotlin, Java, Dart, or JavaScript.
  - Web- and Cloud-relevant, such as Java, Ruby, Rust, Go, Python, PHP, C#, Lua, or JavaScript.
  - Native- and IoT-relevant, such as C or C++.
- Experience with assessing and researching mobile (iOS or Android) or web / cloud security controls and the underlying technologies.
- Familiarity with application reverse engineering or fuzz testing methods.
- Experience with authentication, authorization, identity, and access management technologies, such as OAuth, MFA, SSO, JWT, PKI, Cloud IAM, etc.
- Experience with basic cryptographic primitives, such as symmetric & asymmetric encryption, authenticated encryption, key derivation, and key exchange.
- Problem solving skills, analytical thinking, and willingness to learn/grow.
- Proficient in English and excellent communication skills.
- Familiarity with performing design-level security reviews.
- Familiarity with debugging, instrumenting, and profiling software running on edge or server / cloud platforms, using tools such as Clang Sanitizers, Frida, GDB, JDB, etc.
- Familiarity with DevSecOps processes, tools, and CI/CD pipelines for applications hosted on on-premise infrastructure or in cloud environments.