Published: 2020-03-24

Paysera (Vilnius)

Security Code Engineer - Auditor (SCEA)

Paysera is not only the first e-money institution in Lithuania, but also one of the most successful Fintech companies in the country. We create a world where transfers have no boundaries and are simple, fast and accessible to everyone. We are an international company with fully operating representatives in 6 countries and expanding. Our services are provided in more than 180 countries around the globe. Our team is made up of more than 170 people in Lithuania and at least 30 more abroad. Enthusiasm, motivation and professionalism are what unite us. Everyone here feels safe to express his/her thoughts openly and learn every day. We trust and help each other. We are more than colleagues – we are friends who choose to spend their free time together kayaking, skiing or having fun in any other way.

Find out about Paysera services here:

Job description:
- taking a lead role in planning, executing, and maintaining the Application Security program, managing its roadmap;
- leadership in investigating and analysing programmed source code, working closely with developers to review source code in order to discover any potential security weaknesses, bugs, exploits, or violations of programming standards;
- planning and executing the source code audit process, preparing formal reports, translating the report findings into practical next steps that need to be taken in order to mitigate the identified risks;
- ensuring that the source code analysed adheres to any up to date coding standards for the language, operating system, or platform, and fulfils the security requirements;
- embedding secure coding, code analysis, and code audit procedures into the existing QA process, ensuring that the overall coding QA process is based on the best practices;
- planning and execution of source code analysis, inspecting source code, reviewing authorisation, authentication, session and communication protocols, and various implementations for security;
- reviewing and evaluating third party code and open source libraries that may be called by the organisation’s code, taking an active part when software integration and interface questions arise, assessing the design and solutions from the point of view of secure code;
- taking a lead on internal and external application penetration tests and planning and executing the remediation of vulnerabilities present in the code;
- executing the organisation’s Bug Bounty programme, assessing the reports on vulnerabilities;
- educating coders and development teams in best practice around source code creation, especially addressing the security aspects of software design.

- the ability to organise the workflow in the assigned area and prioritise tasks, take leadership as a process owner;
- an analytical mind with the ability to make sense of source code;
- good written and verbal communication skills;
- a degree in a related field such as Software Engineering, Math, Computer Science, IT, or Cyber-Security;
- around 5 years of relevant information security working experience, especially in the application security area;
- experience and strong in-depth working knowledge in performing software development (design and coding), around 2 years of specialised experience performing security code reviews, audits, or closely related activities;
- experience utilising static code scanning tools such as HPE Fortify or Checkmarx to perform security assessments;
- good programming skills, experience with programming in server-side technologies and common scripting languages, deep knowledge of Java, JavaScript, PHP, familiarity with Symfony Framework;
- extensive knowledge of application security, network segregation, networking protocols, TCP/IP stack, systems architecture, operating systems, web applications, access controls, IDS/IPS technologies, cryptography;
- an understanding of vulnerability testing tools such as Nmap, Qualys, Metasploit, Core Impact, Kali, and Burp Suite;
- knowledge of penetration frameworks such as the Penetration Testing Execution Standard (PTES) or Open Source Security Testing Methodology Manual (OSSTMM);
- knowledge of information security and risk management principles, and a level of familiarity with malicious code and common hacking techniques;
- deep knowledge of and experience with practical usage of the OWASP Top 10;
- a certification in one or more of the following: EC-Council Certified Secure Programmer, Certified Secure Software Lifecycle Professional (CSSLP), SANS Global Information Assurance Certification (GIAC) Secure Software Programmer, CEH, or other comparable security certifications or acknowledged courses;
- team oriented values – be supportive and committed to excellence and possess a high level of initiative and self-motivation, committed to continual personal and professional growth, possess a proactive approach.

We offer you:
- we will send you to internal and external training and learning courses and conferences;
- of course, you will have the opportunity to realise your ideas at an internationally fast-growing company (we are a Fintech company, after all);
- speaking of fun times with fun colleagues – we spend lots of time together and play table football (foosball), basketball, video games, and board games. We also have movie nights and various team building events (you can see this on our Instagram);
- we have multiple electric scooters, which can be used for work/leisure time;
- we have flexible working hours;
- we enjoy free drinks and healthy snacks every day;
- you will also have accident insurance, just in case something happens during all this fun time together.

Apply here:

1600-2500 €/month before tax
