Job Details

Application Security Engineer at cloud.ru. Experience from 3 to 6 years. Salary is discussed during the interview. Location: Moscow. Hybrid work format.

Interaction with DevOps within the framework of integrating secure development tools; Application security analysis (product testing using automated tools) (SAST/DAST/SCA, Container security, etc.); Provide teams with information about found vulnerabilities and assist in their remediation; Participation in the development of rules for automated tools (SAST/DAST, etc.). Participate in BugBounty support.

Knowledge and understanding of the principles of exploiting threats from OWASP Top 10, CWE Top 25 and protecting against them; Skills in working with SAST, DAST, SCA/OSA, ASOC, etc. tools; Understanding the principles of REST/gRPC API structure; Understanding the principles of K8S operation – operators, webhooks, reconciliation loop; Understanding the principles of building secure inter-service communication; Experience with containerization tools (Docker, K8S) and automated deployment; Basic knowledge of DevOps/DevSecOps fundamentals (system landscape, their purpose, tasks solved, general understanding of processes). Experience in analyzing source code and identifying vulnerabilities, at least in Go/Python.