Application Security Engineer

Acronis is seeking an Application Security Researcher to join their team in ensuring the safety and protection of data. This role involves working with the application security team to enhance the security of Acronis applications, identifying and addressing security vulnerabilities, and implementing secure coding practices. The ideal candidate will have experience in application security, a strong understanding of web/mobile/network security, and proficiency in programming languages. This is an exciting opportunity to contribute to the development of novel solutions and protect against cyber threats in a rapidly growing and dynamic environment.

• Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
• Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
• Identify security vulnerabilities in source code before an application is deployed to production through security code reviews
• Discover weaknesses once an application is deployed and advise development teams on remediation through vulnerability testing and analysis
• Conduct security assessments for software components developed in the company
• Validate external security reports and bug bounty submissions
• Take part in the SLDC process development and implementation
• Conduct post-mortem reviews of application security bugs
• Consult engineers on application security matters and train them on secure development practices
• Collaborate with Development and Product Management teams to discuss security-related issues
• Review new tickets on http://hackerone.com/acronis
• Perform penetration tests on new features
• Work with the Infrastructure Security and Security Compliance teams on projects like security hardening of existing components
• Provide expertise, knowledge, and advice to other security teams
• Stay updated on modern web/mobile/network security and security models of Web/REST API, cloud, mobile, and desktop apps
• Utilize security assessment tools and attack techniques
• Conduct code assessments in programming languages Go, Python, JavaScript
• Share security research, open source tools, blog posts, and bug bounty program participation in interviews

• 2+ years experience in Application Security
• Strong knowledge of modern web/mobile/network security
• Understanding of security models of Web/REST API, cloud, mobile, and desktop apps
• Hands-on experience with security assessment tools and attack techniques
• Code assessments in programming languages Go, Python, JavaScript
• Basic programming skills with Go, Python, or another language
• Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage

• 2+ years experience in Application Security
• Strong knowledge of the modern web/mobile/network security
• Understanding of security models of Web/REST API, cloud, mobile and desktop apps
• Hands-on experience with security assessment tools and attack techniques
• Code assessments in programming languages Go, Python, JavaScript
• Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage
• Upper-intermediate level of English