Company Description

We are Netcompany-Intrasoft, a leading European IT Solutions and Services Group with strong international presence and expertise, offering innovative and added-value solutions of the highest quality to a wide range of international and national public and private organizations. More than 500 organizations in over 70 countries worldwide have chosen the company's services and solutions to fulfill their business needs. For more information regarding our company, current projects, and openings around Europe, please consult our website: www.netcompany-intrasoft.com.

Job Description

A day in the life of a Junior Application Security Engineer...

As a Junior Application Security Engineer, you will be part of the Information Security Department and you will participate in the design, implementation, operation, and monitoring of the Secure Software Development Lifecycle roadmap of Netcompany-Intrasoft according to the business strategy and selected information security standards and best practices. Moreover, you will support application of security by design principles across Netcompany-Intrasoft products and software development services, and enhance security assurance levels related to application security through DevSecOps culture and automation.

Your main duties will be:

• Perform manual secure code review to identify and report security issues and weaknesses
• Review output from automated application security testing (e.g., SAST, DAST, SCA) and perform triage activities to assess relevancy of discovered vulnerabilities and rate their security impact
• Perform research and investigation to propose solutions in mitigating security vulnerabilities, at the application and code level, discovered by manual and automated security testing assessments
• Perform scoped manual security verification assessments with specialized tools (e.g., Burp, ZAP Proxy, Postman and other) and prepare reports describing issues towards development teams
• Review software architecture and design documentation to determine security threats, risks, and develop test-cases for manual security testing assessments
• Participate and contribute to application security training activities and workshops
• Give presentations on technical security topics towards internal development teams Support the implementation, configuration, and continuous tuning of scanning policies in DevSecOps tooling (e.g., SAST, DAST, CA)
• Support the automation of task execution related to DevSecOps tooling by developing scripts

Qualifications

• If you have Bachelor Degree in Computer Science or Computer Engineering field
• Master Degree in Information Security field or have some practical experience of 1 or more years in Information Security domain
• Ability to understand workflows written in programming languages such as Java, C#, JavaScript and/or Python
• Experience with OWASP Top 10 risks and CWE Top 25 vulnerabilities and discovering these vulnerabilities in assessment targets
• Knowledge in at least one of the following domains: HTML, CSS, URLs, DOM, Browser/Server Communication, Web Servers
• Knowledge in at least one of the following domains: Operating System Internals, Cloud Architecture, Container technology, Networking, Cryptography, Authentication mechanisms, Authorization controls, Input validation or DevSecOps
• Knowledge of exploitation techniques related to at least three of the following vulnerabilities: XSS, SQLi, IDOR, SSRF, CSRF, HTTP Header Smuggling; Knowledge of security verification tools such as Burp Suite, ZAP, SonarQube
• Knowledge of risk measurement frameworks (e.g., CVSS, CWSS);
• Excellent command of the English language.

then the position is suitable for you!

Additional Information

We ensure equal opportunities, treatment, and consideration to all candidates. Discrimination based on sex, racial or ethnic origin, religion or belief, disability, age, sexual orientation or marital status, physical or mental disability, or any other factor protected by applicable laws and regulations is prohibited. At Netcompany-Intrasoft we respect human rights as part of our culture, and we focus on creating a positive workplace in which all employees are valued and where diversity and inclusivity are welcomed. The safety and well-being of our employees remain our top priority. Please note that Netcompany-Intrasoft’s recruitment process is being conducted virtually due to preventive measures against the Covid-19 pandemic.

#LI-TM1