Application Security Engineer

Acronis is seeking an Application Security Researcher to join their team in ensuring the safety and protection of data entrusted to them. This role involves working with the application security team to enhance the security of Acronis applications, identifying and addressing security vulnerabilities, and implementing secure coding practices. The ideal candidate will have experience in application security, a strong understanding of web/mobile/network security, and proficiency in programming languages. They should also be familiar with security assessment tools and techniques. This is an exciting opportunity to contribute to the development of novel solutions and protect against cyber threats in a rapidly growing and dynamic environment.

• Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
• Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
• Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
• Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation
• Conduct security assessments for software components developed in the company
• Validate external security reports and bug bounty submissions
• Take part in the SLDC process development and implementation
• Conduct post-mortem reviews of application security bugs
• Consult engineers on application security matters, train them on secure development practices
• A call or two with Development, Product Management teams to discuss security-related issues
• Review of new tickets @ http://hackerone.com/acronis.
• Penetration test of new features
• Work with the Infrastructure Security and Security Compliance teams on projects like security hardening of existed components.
• Helping other security teams with expertise, knowledge, and advice

• 2+ years experience in Application Security
• Strong knowledge of modern web/mobile/network security
• Understanding of security models of Web/REST API, cloud, mobile, and desktop apps
• Hands-on experience with security assessment tools and attack techniques
• Code assessments in programming languages Go, Python, JavaScript
• Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage
• Familiarity with the Same Origin Policy and Cross-site scripting contexts
• Ability to describe and suggest fixes for attacks like SQL injection, XXE, SSRF, or any other
• Willingness to participate in the SLDC process development and implementation
• Ability to conduct post-mortem reviews of application security bugs
• Consultation and training skills in application security matters
• Responsive, alert, detail-oriented, makes decisions, and never gives up attitude

• Flexible hybrid and remote working models
• Generous time off policy
• Private medical benefits and meal tickets
• Professional development programs
• 7Card Gym Subscription
• Employee recognition and referral bonus program