Job description
Responsibilities:
- Application and network security testing – working with the development team to manually test the application for security vulnerabilities, including use of automation tools such as BurpSuite. Review of source code with the development team, including use of source code security tools.
- Application vulnerability risk analysis – estimating vulnerability risk in the context of specific application, environment and business scenarios. This will include writing and demonstrating vulnerability "proofs of concept" and explaining them to technical architects and business stakeholders.
- Security Consulting – working with technical architects and developers on design of security-sensitive features; providing technical expertise to security related questions in design and development stage; assistance in development of automated testing suites to enforce security standards in newly written code.
- Complies with all confidentiality and non-disclosure policies and/or agreements and ensures security of information at all times.
The ideal candidate has:
- Demonstrated experience of testing current browser and web technologies – HTTP, HTML5, JavaScript, AJAX based web applications.
- Comprehensive knowledge of web security features (e.g. CORS) and threats (e.g. XSS, CSRF).
- Understanding of web application architectures, such as MVC, and infrastructure such as load balancers, web proxies etc.
- Demonstrated experience reading and analysing web application source code in languages such as Java, PHP, ASP.NET.
- Hands-on experience with application security testing tools such as BurpSuite and sqlmap, and network security testing tools such as OpenVAS and nmap.
- Demonstrated experience of security testing on Unix operating systems.
- Strong written and verbal communication skills as well as presentation skills.
- Excellent interpersonal, analytical, organisational, and problem-solving skills.
- Ability to establish and maintain effective working relationships with project and respective team resources.
- Proven ability to work independently with minimal supervision.
- Certification is preferred in one of the following: CISSP / OWASP / CLAS.
What you get from Kainos:
- Relocation package that covers flights, accommodation, and other relocation costs;
- Private medical insurance at Medicover (possibility to take your family under it);
- 1500 PLN per year to pay for your hobby courses (you can spend it on whatever you want, e.g. kitesurfing or Spanish language lessons);
- Gym card Multisport (50% paid by company; possibility to take your family under it);
- Integration and family parties: Summer BBQ, Kick Off, Pay Day Drinks, Christmas Party, St. Patrick’s Day, and many more;
- Online training portal access — Pluralsight;
- Career Coach taking care of your career progress in Kainos;
- Conferences in Poland and abroad as a speaker or listener (you can prepare for your presentation within working hours);
- 3000 Pounds for Refer-a-friend scheme;
- Possibility to work from home up to 3 days per week;
- Core hours (starting work between 8 and 10 AM);
- 7.5-hour working day;
- Fun rooms, Chill Out room and gym with showers in the office;
- Soft skills training;
- Easy access to the people on managerial levels, real influence on the company’s decisions;
- Very stable employment in a company that cares about employees’ development.