Metro Group is the top-5 largest retailer in the world. We are honored to be a partner to build brand-new eCommerce Marketplace platform and make our client #1 digital eCommerce provider in Europe.
Our client has incredible expertise in physical sales, as well as successful eCommerce business in Germany. New commercial platform is part of strategic roadmap to bit global marketplace providers like Amazon/eBay in selected market segments and leverage strong world-wide branding, 20+ millions of existing offline clients, dedicated field-force sales in Europe and well-established logistics, delivery and client-support network.
The platform assumes to host 10+ high-load cloud-based product applications, managed end-to-end by dedicated teams (including Product Owner on client side /Germany/, and full cross-functional teams on Ciklum side /Kiev/). Ciklum team encounters 100+ employees for this project which is planned for 18 months at least. First public-beta release is planned for Sep 1, 2019. Our delivery started in September 2018 and current team size is 50 employees.
Automation, performance and security QAs will work along with Manual QA engineers to ensure the highest quality standards. Our project offers amazing opportunity to apply your experience, build engineering process from scratch using the latest technologies and gain new knowledge.
On behalf of Testing Center of Excellence and Metro Group, Ciklum is looking for a Senior Security QA Engineer (Application Security Analyst) to join Kyiv team on a full-time basis.
- Security projects estimation, participation in analysis of security team efforts
- Guide middle and junior engineers through projects
- Vulnerabilities discovery in Manual and Automated ways as part of Penetration testing and Application Security reviews
- Evaluation of security risks and recommendation of threat mitigations
- Documentation of findings into formal security assessment report
- Present report to customers
- Security trainings for security team and internal manual / automation QA and Development teams
- Communication with client’s technical personnel
- BS in Computer Science or related field
- At least 4 years of relevant work experience including but not limited to: Web and Mobile Application Security, Penetration testing, Vulnerability assessment, and Code-level Security Auditing
- Ability to manually find and exploit at least OWASP Top10 Web vulnerabilities
- Ability to manually find and exploit at least OWASP Top10 Mobile vulnerabilities
- Familiarity with OWASP Testing guide
- Experience with various penetration testing tools (e.g. BurpSuite, Metasploit, OWASP ZAP) on Linux and Windows
- Ability to operate by vulnerability assessment tools like Tenable Nessus or Rapid7 Nexpose
- Experience with one or more scripting languages: Python, Ruby, PHP, Bash, and Perl.
- Ability to read source code and find issues using tools or manually in .NET or Java
- Knowledge and understanding of Application Security, System and Network Security, Authentication and Security protocols
- Upper intermediate English level
- Relevant work experience in one of the following: Development, QA Automation (Web, Mobile, etc.), and Security consulting
- Professional certifications. For example, issued by: Offensive Security, eLearn Security, SANS, CREST, Mile2, SecurityTube, ISACA, (ISC)2 and EC-Council.
- Experience with Bug Bounty programs (e.g. BugCrowd, HackerOne)
- Security related publications, blog posts, and/or participation in tools development
- Ability to handle input being provided unformalized
- Ability to switch fast from one task to another
- Ability to think and search for solution without supervision
What's in it for you
- Possibility to propose solutions on a project.
- Participation in project estimation.
- Dynamic and challenging tasks.
- Ability to influence project technologies.
- Team of professionals: learn from colleagues and gain recognition of your skills.
- Fast professional.