Security Code Engineer - Auditor (SCEA)
The SCEA helps the organisation prevent cyber threats by finding and exposing weaknesses in the organisation’s software source code, so that attackers cannot exploit inadequately written software to reach data or system resources, and by empowering the organisation’s developers to be the first line of defence, giving them the skills and tools to write secure code from the very beginning. The SCEA reports to the organisation’s Chief Information Security Officer (CISO).
You will be responsible for:
- taking a lead role in planning, executing, and maintaining the Application Security program, managing its roadmap;
- leading the investigation and analysis of source code, working closely with developers to review code and uncover potential security weaknesses, bugs, exploitable conditions, or violations of programming standards;
- planning and executing the source code audit process, preparing formal reports, and translating the findings into the practical next steps needed to mitigate the identified risks;
- ensuring that the analysed source code adheres to up-to-date coding standards for the language, operating system, or platform, and fulfils the security requirements;
- embedding secure coding, code analysis, and code audit procedures into the existing QA process, ensuring that the overall coding QA process follows best practice;
- planning and executing source code analysis: inspecting source code and reviewing authorisation, authentication, session handling, communication protocols, and other implementations for security;
- reviewing and evaluating third-party code and open source libraries called by the organisation’s code, taking an active part when software integration and interface questions arise, and assessing designs and solutions from a secure-code point of view;
- taking the lead on internal and external application penetration tests, and planning and executing the remediation of vulnerabilities found in the code;
- running the organisation’s bug bounty programme and assessing the vulnerability reports it receives;
- educating developers and development teams in best practice for writing source code, especially the security aspects of software design.
We expect you to have intrinsic motivation and:
- the ability to organise the workflow in the assigned area, prioritise tasks, and take ownership of the process;
- an analytical mind with the ability to make sense of source code;
- good written and verbal communication skills;
- a degree in a related field such as Software Engineering, Math, Computer Science, IT, or Cyber-Security;
- around 5 years of relevant information security working experience, especially in the application security area;
- hands-on software development experience (design and coding) with strong in-depth working knowledge, including around 2 years of specialised experience performing security code reviews, audits, or closely related activities;
- experience utilising static code scanning tools such as HPE Fortify or Checkmarx to perform security assessments;
- extensive knowledge of application security, network segregation, networking protocols, the TCP/IP stack, systems architecture, operating systems, web applications, access controls, IDS/IPS technologies, and cryptography;
- an understanding of vulnerability testing tools such as Nmap, Qualys, Metasploit, Core Impact, Kali, and Burp Suite;
- knowledge of penetration testing methodologies such as the Penetration Testing Execution Standard (PTES) or the Open Source Security Testing Methodology Manual (OSSTMM);
- knowledge of information security and risk management principles, and familiarity with malicious code and common hacking techniques;
- deep knowledge of, and practical experience applying, the OWASP Top 10;
- a certification in one or more of the following: EC-Council Certified Secure Programmer, Certified Secure Software Lifecycle Professional (CSSLP), SANS Global Information Assurance Certification (GIAC) Secure Software Programmer, CEH, or other comparable security certifications or recognised courses;
- team-oriented values: supportive, committed to excellence, with a high level of initiative and self-motivation, committed to continual personal and professional growth, and with a proactive approach.
It is worth being a Paysera employee because of:
- a salary agreed individually in each case, taking into account the candidate's competence;
- flexible working hours;
- accident insurance;
- internal and external training and learning courses and conferences;
- perfect time with perfect colleagues – table football (foosball), games nights and various team building events, We_are_Paysera;
- electric scooters which can be used for work or leisure;
- free drinks and healthy snacks.
If you would like to join our team, please send your CV with the subject "Security Code Engineer - Auditor" to the email address firstname.lastname@example.org. Only selected candidates will be contacted, but we are grateful to all who send their CV.
In compliance with the legislation, we would like to indicate that for the present position we are willing to offer a monthly salary from 1600 to 3000 EUR gross. The exact amount depends on the experience, education, and competences of the future employee and on the achievement of established goals (if applicable).