Security Analyst (app security)

Responsibilities:

• Creating security requirements for services and applications
• Building a threat model for systems and services
• Participation in the assessment of information security risks for systems and services
• Analyze identified vulnerabilities as part of information security testing
• Participation in change management

Requirements:

• Competence (preferably experience) in the management and implementation of secure development methods in the SDLC (Secure Software Development Lifecycle)
• Competence in the analysis of existing threats to information security, their relevance, the possibility of implementation and consequences, understanding of ways to implement threats
• Preparation and analysis of information security requirements for systems / products / components
• Skills for creating documents in the framework of the direction of information security (Regulations, technical maps, instructions, etc.)
• Competence on threats and vulnerabilities identified as a result of the use of automated testing tools and manual tests
• Knowledge of the requirements of state regulators in the field of information security
• Knowledge of information security controls for product solutions
• Knowledge in the field of information security risk management
• Carrying out an IS risk assessment for systems / products / services (internal / external vendors)
• Knowledge in the field of organizing methods for protecting mobile applications
• Knowledge in the field of cryptography. Differences between world standards and state ones
• Competence in the field of electronic signature
• Experience in shaping information security requirements for cloud solutions (preferred by AWS)
• Knowledge in building a threat model for information systems and their components
• Knowledge of the main vulnerabilities of information systems OWASP TOP 10
• An understanding of the organization of web applications, web servers, application technologies, frameworks and protocols in relation to application development and deployment
• Familiar with the code management system (for example, BitBucket), the CI / CD building system (for example, Jenkins), the principles of application containerization, the Kubernetes docker container management system, the principles of building a microservice architecture, authentication and authorization methods OAuth 2.0 and OpenID Connect
• Purposefulness, ability to work independently, ability to negotiate and reach consensus on different priorities of product development teams and solutions
• English: upper-intermediate

We offer:

International business career: work in a large international company that creates a diverse and inclusive environment for professional and personal growth. Strong Raiffeisen community of highly professional and successful teams from different countries.

Challenging WOW-projects: involvement into large-scale projects on product development, using modern engineering technologies, unique approach to encouraging customer-driven innovation.

Comfortable and safe format of work: flexible work conditions including remote work or hybrid models alternating between in-office hours and remote work. Offices with uninterruptible power supply and bomb shelters are provided to perform duties.

Professional development: knowledge sharing with colleagues from abroad, development within the company, upskilling and reskilling opportunities, internal competitions. The possibility of obtaining a T-shaped expertise. Internal and external training programs. Corporate English courses. Soft skills trainings at our corporate L& D academy. Team building activities and involvement into social projects.

Attractive social package and wellbeing: 28 days of paid vacation, medical insurance, official employment. Mental and Physical health support: individual psychological sessions and lectures, -free online workouts, yoga.

Stable income: competitive salary and bonuses for your efforts and contribution, rewards for participation in the referral program.