Ciklum is a leading global digital services and software engineering company, serving Fortune 500 and fast-growing organisations. Headquartered in the UK, we unite 3,500+ software developers, designers, product managers and data scientists around the world building tailored digital solutions that leverage emerging technologies.
We are enabling digital transformation for some of the largest household names and platforms in the digital economy. Ciklum is the place to make your tech ideas tangible and join the global projects redefining industries.
We are looking forward to seeing you as a part of our team!
On behalf of Ciklum Digital, Ciklum is looking for Senior Cyber Security Engineer to join our team.
Ciklum is looking for technology experts who want to make a positive influence on new business by applying best QA practices and taking ownership.
Our projects usually last for 6-12 months and our technological focus is mainly on web and mobile technologies. So, you’ll have the opportunity to get frequently in touch with new projects, processes, approaches, technologies, and tools. Through direct knowledge exchange with international clients you are an important contributor in making them successful.
Our environment gives you the opportunity to share your professionalism to help team members grow and we support you with training and education in the areas where you want to develop.
About Quality Engineering Team:
Quality Engineering Center of Excellence is an international award-winning Quality Engineering department that has rapidly evolved over the past 7 years to become a mature Quality Engineering service provider with 250+ professionals working in 7 main directions: QA Consulting and Management, DevOps, Manual, Automation, Support, Performance, Cyber Security and Robotic Process Automation.
Our main principles are:
- People are over processes and hierarchy
- Flat and open collaboration/communication increases creativity and brings more value to a business
- Investing in people and innovations ensures your future
- Reuse and share your experience – Develop best practices, publicize and follow them
Quality Engineering Center of Excellence is an optimal environment for your professional involvement and growth.
One of the fastest growing B2B software companies in the world, OutSystems is on a mission to change the way software is built. The OutSystems modern application platform empowers customers to build, deliver, manage and evolve the software that makes a difference to their business. With high-productivity, AI-assisted tools, customers are able to quickly tackle any strategic challenge such as application modernization, workplace innovation, business process automation, and customer experience transformation. The OutSystems platform also ensures solutions are secure, resilient, cloud-native, built to scale, and most importantly, are able to be continuously evolved.
- Security projects estimation, participation in analysis of security team efforts
- Guide middle and junior engineers through projects
- Vulnerabilities discovery in Manual and Automated ways as part of Penetration testing and Application Security reviews
- Evaluation of security risks and recommendations for risks mitigations
- Documentation of security findings, security testing report preparation and review
- Communication with clients
- Presentation of the team’s work results and reports to clients
- Security training and knowledge sharing for internal QA and Development teams
- BS in Computer Science or related field
- At least 4 years of relevant work experience including but not limited to: Web and Mobile Application Security, Penetration testing, Vulnerability assessment, and Code-level Security Auditing
- Ability to manually find and exploit at least OWASP Top10 Web vulnerabilities
- Ability to manually find and exploit at least OWASP Top10 Mobile vulnerabilities
- Familiarity with OWASP Testing guide
- Experience with various penetration testing tools (e.g. BurpSuite, Metasploit, OWASP ZAP) on Linux and Windows
- Ability to operate by vulnerability assessment tools like Tenable Nessus or Rapid7 Nexpose
- Experience with one or more scripting languages: Python, Ruby, PHP, Bash, and Perl.
- Ability to read source code and find issues using tools or manually in .NET or Java
- Knowledge and understanding of Application Security, System and Network Security, Authentication and Security protocols
- Upper intermediate English level
- Knowledge of SAST tools (Checkmarx, Veracode) and working experience with them
- Relevant work experience in one of the following: Development, QA Automation (Web, Mobile, etc.), and Security consulting
- Professional certifications. For example, issued by: Offensive Security, eLearn Security, SANS, CREST, Mile2, SecurityTube, ISACA, (ISC)2 and EC-Council.
- Experience with Bug Bounty programs (e.g. BugCrowd, HackerOne)
- Security related publications, blog posts, and/or participation in tools development
What's in it for you
- Close cooperation with the client
- A constant flow of new projects
- Dynamic and challenging tasks
- Ability to influence project technologies
- Projects from scratch
- Team of professionals: learn from colleagues and gain recognition of your skills
- European management style
- Continuous self-improvement
Client video presentation