Ciklum is a top-five global Software Engineering and Solutions Company. Our 3,000+ IT professionals are located in the offices and delivery centres in Ukraine, Belarus, Poland and Spain.
As a Ciklum employee, you'll have a unique opportunity to communicate directly with the client when working in Extended Teams. Besides, Ciklum is the place to make your tech ideas tangible. The Vital Signs Monitor for the Children’s Cardiac Center as well as Smart Defibrillator, the winner of the US IoT World Hackathon, are among the cool things Ciklumers have developed.
Ciklum is a technology partner for Google, Intel, Micron, and hundreds of world-known companies. We are looking forward to seeing you as a part of our team!
On behalf of Ciklum Digital Team, we are looking for a Senior Security QA Engineer to join our Kiev team on a full-time basis.
Ciklum is building a team to work on various projects whose primary goal is to improve and automate the customer’s business processes and to reduce the time and effort required for various operations.
Ciklum Cybersecurity Unit is looking for a Senior Cyber Security Engineer (Application Security Analyst).
- Security projects estimation, participation in analysis of security team efforts
- Guide middle and junior engineers through projects
- Vulnerabilities discovery in Manual and Automated ways as part of Penetration testing and Application Security reviews
- Evaluation of security risks and recommendation of threat mitigations
- Documentation of findings into formal security assessment report
- Present security report to customers
- Security trainings for security team and internal manual / automation QA and Development teams
- Communication with client’s technical personnel
- BS in Computer Science or related field
- 5+ years of relevant work experience including but not limited to: Web and Mobile Application Security, Penetration testing, Vulnerability assessment, and Code-level Security Auditing
- Ability to manually find and exploit at least OWASP Top10 Web vulnerabilities
- Ability to manually find and exploit at least OWASP Top10 Mobile vulnerabilities
- Familiarity with OWASP Testing guide
- Experience with various penetration testing tools (e.g. BurpSuite, Metasploit, OWASP ZAP) on Linux and Windows
- Ability to operate vulnerability assessment tools like Tenable Nessus or Rapid7 Nexpose
- Experience with one or more scripting languages: Python, Ruby, PHP, Bash, and Perl.
- Ability to read source code and find issues using tools or manually in .NET or Java
- Knowledge and understanding of Application Security, System and Network Security, Authentication and Security protocols
- Professional certifications, for example those issued by Offensive Security, eLearn Security, SANS, CREST, Mile2, SecurityTube, ISACA, (ISC)2 and EC-Council
- Advanced English level
- Relevant work experience in one of the following: Development, QA Automation (Web, Mobile, etc.), and Security consulting
- Experience with Bug Bounty programs (e.g. BugCrowd, HackerOne)
- Security related publications, blog posts, and/or participation in tools development
- Ability to handle input provided in an unformalized way
- Ability to switch quickly from one task to another
- Ability to think and search for solutions without supervision
What's in it for you
- Possibility to propose solutions on a project
- Participation in project estimation
- Dynamic and challenging tasks
- Ability to influence project technologies
- Team of professionals: learn from colleagues and gain recognition of your skills
- Fast professional growth