Application Security Engineer

Acronis is seeking an Application Security Researcher to join their team in ensuring the safety and protection of data. This role involves working with the application security team to enhance the security of Acronis applications, identifying and addressing security vulnerabilities, and implementing secure coding practices. The ideal candidate will have experience in application security, a strong understanding of web/mobile/network security, and proficiency in programming languages. This is an exciting opportunity to contribute to the development of novel solutions and protect against cyber threats in a rapidly growing and dynamic environment.

• Threat modeling: Thinking about how attackers can compromise a system and determining the necessary protections against them
• Secure Software Development Lifecycle: Assisting developers in writing secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
• Security code reviews: Identifying security vulnerabilities in source code before an application is deployed to production
• Vulnerability testing and analysis: Discovering weaknesses in deployed applications and advising development teams on remediation
• Conducting security assessments for software components developed within the company
• Validating external security reports and bug bounty submissions
• Participating in the development and implementation of the SLDC process
• Conducting post-mortem reviews of application security bugs
• Consulting engineers on application security matters and providing training on secure development practices
• Collaborating with Development and Product Management teams to discuss security-related issues
• Reviewing new tickets on http://hackerone.com/acronis
• Performing penetration tests on new features
• Working with the Infrastructure Security and Security Compliance teams on projects such as security hardening of existing components
• Assisting other security teams with expertise, knowledge, and advice

• 2+ years experience in Application Security
• Strong knowledge of modern web/mobile/network security
• Understanding of security models of Web/REST API, cloud, mobile, and desktop apps
• Hands-on experience with security assessment tools and attack techniques
• Code assessments in programming languages Go, Python, JavaScript
• Basic programming skills with Go, Python, or another language
• Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage

• Competitive salary and compensation package
• Opportunity to work with cutting-edge technology in the field of cyber protection
• Rapid-growth and expansion phase of the company
• Chance to contribute to creating a #CyberFit future and protecting the digital world
• Dynamic and global work environment
• Opportunity to work in a fast-paced and rapidly changing work environment
• Impactful role with instrumental contribution to the success of the company
• Emphasis on company values such as responsiveness, alertness, attention to detail, decision-making, and perseverance
• Collaboration with development and product management teams
• Review of security-related issues and tickets
• Penetration testing of new features
• Collaboration with infrastructure security and security compliance teams
• Opportunity to share expertise, knowledge, and advice with other security teams
• Strong focus on application security with threat modeling, secure software development lifecycle, security code reviews, vulnerability testing and analysis, security assessments, and post-mortem reviews
• Opportunity to consult engineers on application security matters and train them on secure development practices
• Opportunity to participate in the SLDC process development and implementation
• Upper-intermediate level of English proficiency required
• Equal opportunity employer with a diverse and inclusive work environment