Security Engineer at METRO.digital

Knowledge and skills requirements:

• Knowledge of architecture and design of solutions using cloud-based technologies;
• Proficient in scripting and automation tools such as PowerShell, Ansible Playbooks and Python;
• Working knowledge of the Agile methodology;
• Familiar OWASP Top 10, OWASP ASVS (Application Security Verification Standard), Threat Modeling;
• High interest in the security aspects of modern software systems, as well as software design and architecture, and passion for new technologies;
• Knowledge about the most critical security risks for web applications (e.g. OWASP, CWE);
• General understanding of modern online application architecture concepts, such as availability, scalability, resilience and responsiveness;
• Understanding and interest in public cloud technologies (Amazon Web Services, Google Cloud Services).

Ideally, you will also have:

• Hold or actively pursuing security-related professional certifications within the GIAC family (GSSP-JAVA, GWEB, GSSP-.NET);
• Strong English language skills.

We are looking for a Security Engineer that is passionate about automating, developing, and executing Security best-practices and integrated security automation. Part of Security Engineering team with responsibilities for penetration testing, security patching and antivirus solutions, the Security engineer main objective will be to consult and support development teams automating and shifting left the security testing, in a cloud based, microservices, containerized environment using Java and .Net tech stacks.

We’re looking for someone to:

• Collaborate with information security team, SRE and engineering teams to identify Developers Platform needs and issues with respect to security;
• Work with Scrum Masters, Business Analysts, and Developers to facilitate the flow of continuous development through a secure, stable CD/CI pipeline;
• Consult engineering teams for creating Security Unit Tests and usage of SAST and DAST;
• Conducting proactive research to analyze security weaknesses and recommend best development; practices, which may be general or language specific.

Our general Benefits:

• Work life-balance: flexible working time, work from home forever, celebrate your birthday with a free day;
• Personal growth: trainings in the area of soft, technical and business skills, free Bookster account, opportunity to learn and work with a variety of technologies;
• Well-being: online sport activities, fitness centers discounts, health and life insurance, private pension, lunch tickets;
• Working mode: multicultural, self-organizing teams, agile environment.