Ciklum is a top-five global Software Engineering and Solutions Company. Our 3,000+ IT professionals are located in the offices and delivery centres in Ukraine, Belarus, Poland and Spain.
As a Ciklum employee, you'll have the unique opportunity to communicate directly with the client when working in Extended Teams. Besides, Ciklum is the place to make your tech ideas tangible. The Vital Signs Monitor for the Children’s Cardiac Center as well as Smart Defibrillator, the winner of the US IoT World Hackathon, are among the cool things Ciklumers have developed.
Ciklum is a technology partner for Google, Intel, Micron, and hundreds of world-known companies. We are looking forward to seeing you as a part of our team!
On behalf of Ciklum Cyber Security Unit, we are looking for a Cyber Security Expert to join our Kyiv team on a full-time basis. Join if you want to make a positive influence on new business by applying best QA practices and taking ownership.
Our client is a leading supplier of toll road software and architecture and is starting a new product for managing toll roads from scratch. The solution includes a mobile application, a back office and a tolling services estimator. In addition, extensive integration with financial tools, tolling agencies, and payment methods is crucial for product success.
The Ciklum team is going to play a leading role in the management of the whole program, leading and coordinating the efforts of several teams and vendors. Our entire team is going to concentrate its effort on integration with tolling agencies and enhancing the real-time tolling service.
- Subject Matter Expertise in application security (one of or several: Web, Mobile, IoT)
- Participation in technical pre-sales as SME
- Estimation of efforts required for security assessment projects execution
- Security assessment projects execution planning
- Security assessment projects toolset
- Vulnerabilities discovery in Manual and Automated ways as part of Penetration testing and Application Security reviews
- Evaluation of security risks and recommendation of threat mitigations
- Documentation of findings and reports presentation
- Pre-delivery review of security reports prepared by team of engineers
- Security trainings for internal QA and Development teams
- Communication with clients
- BS in Computer Science or related field
- 8+ years of relevant work experience including but not limited to: Web and Mobile Application Security, Penetration testing, Vulnerability assessment, and Code-level Security Auditing
- Experience with effort estimation for security assessment is a must
- Understanding of AWS security concepts
- Understanding of OBAC / RBAC
- Ability to support Team of Engineers in complex security issues exploitation
- Experience with various penetration testing tools (e.g. BurpSuite, Metasploit, OWASP ZAP) on Linux and Windows
- Experience with one or more scripting languages: Python, Ruby, PHP, Bash, and Perl.
- Knowledge and understanding of Application Security, System and Network Security, Authentication and Security protocols
- Familiarity with OWASP Testing Guide, OWASP Top 10, WASC-TC
- Advanced English level
- Relevant work experience in one of the following: Development, QA Automation (Web, Mobile, etc.), and Reverse Engineering
- Understanding of mobile device security
- Professional certifications. For example, issued by: Offensive Security, SANS, CREST, Mile2, eLearnSecurity, ISACA, (ISC)2 and EC-Council.
- Experience with Bug Bounty programs (e.g. BugCrowd, HackerOne)
- Security related publications, blog posts, and/or participation in tools development
- Experience with the TeX (XeLaTeX) typesetting engine.
- Fluent English
- Experience in pre-sales of security assessment projects
- Sharp analytical abilities and proven design skills, good ability to learn, resourcefulness, self-motivated, goal-driven, result-oriented
What's in it for you
- Possibility to propose solutions on a project
- Dynamic and challenging tasks.
- Ability to influence project technologies.
- Team of professionals: learn from colleagues and gain recognition of your skills.
- Low bureaucracy, European management style.
- QA knowledge sharing meetings