Application Security Engineer
Acronis
·
Posted:
August 21, 2023
·
Onsite
About the position
Acronis is seeking an Application Security Researcher to join their team in ensuring the safety and protection of data. This role involves working with the application security team to enhance the security of Acronis applications, identifying and addressing security vulnerabilities, and implementing secure coding practices. The ideal candidate will have experience in application security, a strong knowledge of web/mobile/network security, and proficiency in programming languages. They will also have a passion for security research and a desire to contribute to the ongoing protection of digital assets.
Responsibilities
- Think about how attackers can compromise a system and determine necessary protections
- Help developers write secure code by implementing secure coding standards, techniques, and best practices
- Identify security vulnerabilities in source code through security code reviews
- Discover weaknesses in deployed applications and advise development teams on remediation
- Conduct security assessments for software components developed within the company
- Validate external security reports and bug bounty submissions
- Take part in the development and implementation of the Secure Software Development Lifecycle (SLDC) process
- Conduct post-mortem reviews of application security bugs
- Consult engineers on application security matters and train them on secure development practices
- Collaborate with Development and Product Management teams to discuss security-related issues
- Review new tickets on hackerone.com/acronis
- Perform penetration tests on new features
- Work with the Infrastructure Security and Security Compliance teams on projects such as security hardening of existing components
- Provide expertise, knowledge, and advice to other security teams
- Stay updated on modern web/mobile/network security and security models of various applications
- Utilize security assessment tools and attack techniques
- Conduct code assessments in programming languages such as Go, Python, and JavaScript
- Publish security research, open source tools, and blog posts related to application security
- Participate in bug bounty programs
- Answer interview questions related to security concepts and attacks
- Demonstrate knowledge of security fields and express interest in further learning
- Possess at least upper-intermediate level English proficiency.
Requirements
- 2+ years experience in Application Security
- Strong knowledge of the modern web/mobile/network security
- Understanding of security models of Web/REST API, cloud, mobile and desktop apps
- Hands-on experience with security assessment tools and attack techniques
- Code assessments in programming languages Go, Python, JavaScript
- Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage
- Readiness to answer interview questions related to security topics
- At least Upper-intermediate level proficiency in English
Benefits
- Competitive Benefits
- Employee recognition and referral bonus programs
- Hybrid and flexible working models
- 25 days paid annual leave
- Supplementary health insurance for employees and family members, including dental treatment and childbirth bonus
- Monthly sports card for employees and family members
- Monthly public transport card
- Convenient and modern office location in state of the art building including office massage and game rooms
- Free parking for cars and bicycles
- Free office lunch vouchers
- Team-building and social activities
- Global mentorship program
- Trainings, certifications, and professional development activities
- Participation in conferences and seminars