Application Security Engineer

Acronis is seeking an Application Security Researcher to join their team in ensuring the safety and protection of data entrusted to them. This role involves working with the application security team to enhance the security of Acronis applications, identifying and addressing security vulnerabilities, and implementing secure coding practices. The ideal candidate will have experience in application security, a strong understanding of web/mobile/network security, and proficiency in programming languages. This is an exciting opportunity to contribute to the development of novel solutions and protect against cyber threats in a rapidly growing and dynamic environment.

• Threat modeling: Think about how attackers can compromise a system and determine necessary protections against them
• Help developers write secure code by implementing secure coding standards, techniques, and best practices
• Identify security vulnerabilities in source code through security code reviews before deployment
• Discover weaknesses in deployed applications and advise development teams on remediation
• Conduct security assessments for software components developed within the company
• Validate external security reports and bug bounty submissions
• Take part in the development and implementation of the Secure Software Development Lifecycle (SLDC) process
• Conduct post-mortem reviews of application security bugs
• Consult engineers on application security matters and provide training on secure development practices
• Collaborate with Development and Product Management teams to discuss security-related issues
• Review new tickets on hackerone.com/acronis
• Perform penetration tests on new features
• Work with the Infrastructure Security and Security Compliance teams on projects such as security hardening of existing components
• Provide expertise, knowledge, and advice to other security teams
• Stay updated on modern web/mobile/network security and security models of various applications
• Utilize security assessment tools and attack techniques effectively
• Conduct code assessments in programming languages such as Go, Python, and JavaScript
• Published security research, open source tools, blog posts, and participation in bug bounty programs are considered advantageous

• 2+ years experience in Application Security
• Strong knowledge of modern web/mobile/network security
• Understanding of security models of Web/REST API, cloud, mobile, and desktop apps
• Hands-on experience with security assessment tools and attack techniques
• Code assessments in programming languages Go, Python, JavaScript
• Basic programming skills with Go, Python, or another language
• Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage

• Competitive salary and compensation package
• Opportunity to work with cutting-edge technology in the field of cyber protection
• Rapid-growth and expansion phase of the company
• Chance to contribute to creating a #CyberFit future and protecting the digital world
• Dynamic and global work environment
• Opportunity to work in a fast-paced and rapidly changing work environment
• Impactful role with instrumental contribution to the success of the company
• Emphasis on company values such as responsiveness, alertness, attention to detail, decision-making, and perseverance
• Collaboration with development and product management teams
• Review of security-related issues and tickets
• Penetration testing of new features
• Collaboration with infrastructure security and security compliance teams
• Opportunity to provide expertise, knowledge, and advice to other security teams
• Strong focus on application security with threat modeling, secure software development lifecycle, security code reviews, vulnerability testing and analysis, security assessments, and post-mortem reviews
• Opportunity to consult engineers on application security matters and train them on secure development practices
• Opportunity to participate in the SLDC process development and implementation
• Opportunity to validate external security reports and bug bounty submissions
• Strong emphasis on knowledge and experience in application security, modern web/mobile/network security, security models, and security assessment tools and techniques
• Opportunity to contribute to security research, open source tools, and bug bounty programs
• Upper-intermediate level of English proficiency required
• Equal opportunity employer with a diverse and inclusive work environment