Application Security Engineer

Acronis is seeking an Application Security Researcher to join their team in ensuring the safety and protection of data entrusted to them. This role involves working with the application security team to enhance the security of Acronis applications, identifying and addressing security vulnerabilities, and implementing secure coding practices. The ideal candidate will have experience in application security, a strong understanding of web/mobile/network security, and proficiency in programming languages. This is an opportunity to contribute to the development of novel solutions and play a crucial role in protecting the digital world.

• Threat modeling: Thinking about how attackers can compromise a system and determining the necessary protections against them
• Secure Software Development Lifecycle: Assisting developers in writing secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
• Security code reviews: Identifying security vulnerabilities in source code before an application is deployed to production
• Vulnerability testing and analysis: Discovering weaknesses in deployed applications and advising development teams on remediation
• Conducting security assessments for software components developed within the company
• Validating external security reports and bug bounty submissions
• Taking part in the development and implementation of the SLDC process
• Conducting post-mortem reviews of application security bugs
• Consulting engineers on application security matters and providing training on secure development practices
• Collaborating with Development and Product Management teams to discuss security-related issues
• Reviewing new tickets on http://hackerone.com/acronis
• Performing penetration tests on new features
• Working with the Infrastructure Security and Security Compliance teams on projects such as security hardening of existing components
• Assisting other security teams with expertise, knowledge, and advice

• 2+ years experience in Application Security
• Strong knowledge of modern web/mobile/network security
• Understanding of security models of Web/REST API, cloud, mobile, and desktop apps
• Hands-on experience with security assessment tools and attack techniques
• Code assessments in programming languages Go, Python, JavaScript
• Basic programming skills with Go, Python, or another language
• Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage

• Competitive salary and compensation package
• Opportunity to work with cutting-edge technology in the field of cyber protection
• Rapid-growth and expansion opportunities
• Dynamic and global work environment
• Chance to make a significant impact on the success of the company
• Responsive, alert, detail-oriented, and decision-making work culture
• Training and consultation on secure development practices
• Collaboration with development, product management, and security teams
• Involvement in the secure software development lifecycle
• Security code reviews and vulnerability testing
• Conducting security assessments and post-mortem reviews
• Opportunity to participate in bug bounty programs
• Integration into a diverse and inclusive company culture
• Equal opportunity employer with a focus on diversity and inclusion