Security Engineer

Primary Responsibilities

• Enchancement of Mobile, Web, Cloud and corporate security
• Security expert for application developement, service architecture design
• Bulding Corporate Standarts in accordance with Industry Compliance Requirements (ISO 27001)
• Providing significant input to form Security culture within the company

Required Skills & Abilities

• 3+ years experience within Information Security field
• Understanding cryptography concepts (Hashing, Salting, Symmetric/asymmetric cryptography, Digital signatures, Non-repudiation)
• security knowledge in: Mobile Applications, Web Applications, Cloud Security, Networks, Operating systems
• Strong understanding/knowledge of the security testing methodologies
• Understanding risk Assessment/Threat Modeling processes
• Understanding how to identify malicious code and activity
• Understanding and have practical experience in Technical controls, Operational Controls, Managing Controls
• Strong understanding of Vulnerability Managements process and common remediation approaches as published by industry standarts OWASP, SANS, NIST etc
• Understanding and have a practical expirience of building the Secure Software Development Lyfecycle phases (DevSecOps)
• Understanding Identity Management principles: SSO, OAuth, JWT, SAML
• Understanding Access Controls principles (Discretionary/ Non-Discretionary, Rule set–Based (RSBAC), Role-Based (RBAC), Mandatory, Attribute-Based access controls)
• Experience with wrting scripts for automation
• Excellent written and verbal communication skills, be able to present technical information to both engineering and non-engineering audiences
• Ability to build solid relationships with surrounding teams
• Understanding of relevant information security governance, technical and security standards, and regulations. (i.e. ISO 27001, GDPR, NIST Cybersecurity framework).

Preferred skills

• Understand Business Continuity principles (Be able to understand BIA, DRP strategies Understanding MTD/ MTPOD, RTO RPO concepts)
• Understanding and have practical experience in Disclosure Controls practices (Technical controls, Operational Controls, Managing Controls)
• Industry certifications are considered as a plus
• Understanding Secret Management process. (SSM, Vault, Thycotic, CyberArk)
• Knowledge on how to test code for security quality (JS, Python, Java)
• Understand Security Monitoring concepts. Have practical experience with the Event Correlation Systems (IDS/IPS, SIEM, Cloud Specific )

What we offer:

• A chance to improve lives of millions of women worldwide
• Ability to contribute to a world-class product with a large user base
• Professional development opportunities in a highly skilled and motivated team
• Competitive salary
• Strong management with a proven track record of successful projects, including MSQRD, AIMatter, Maps.me

Our benefits include:

• getting stock options after the first year of work in the company
• 60$ in a month for sports, medicine, trainings
• modern office in “Dana Center’’
• corporate events
• participation in conferences and trainings
• corporate library
• flexible working day
• 27 calendar days for vacation and 5 sick days