

About the role:
In this role, you'll be part of a dedicated team ensuring Curefit's security posture. You'll conduct design reviews, develop automated security tools, and collaborate with product teams to identify and mitigate threats, all while enhancing secure software development practices. Your expertise will play a crucial role in maintaining the safety of our web and mobile applications.
Key Responsibilities:
Join a team dedicated to maintaining Curefit's world-class security posture.
● Conduct design reviews of upcoming features from an application security perspective, identifying potential threats and proposing mitigations.
● Develop security tools to monitor for security and compliance controls in real time.
● Develop a broad understanding of the Curefit products, proactively update the threat model, and implement mitigations.
● Improve secure software development practices.
● Create a roadmap for pentesting Curefit assets and automate your test cases.
● Collaborate with the Product Team to ensure adherence to Security Standards.
Skills Required
● Minimum of 2+ years of in-depth experience in Application Security, with a focus on Web and Mobile Applications.
● Ability to develop and implement automated tools (Python/Bash) to help spot known security exposures.
● Excellent understanding of security-by-design principles and architecture-level security concepts.
● Experience and knowledge of penetration testing tools and methodologies.
● Up-to-date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.
● Competency in Cyber Security Risk Analysis.
● Understanding of application protocols, development, and common attack vectors.
● Proficiency in at least one scripting language, such as Bash, Python, Go, etc.
● Experience with secure code quality tools like SonarQube, Fortify, etc.
● Experience with pentest tools and frameworks such as Burp Suite, Kali open-source tools, OWASP ZAP, Metasploit, Nessus, Nmap, MobSF, Genymotion, Frida, APK Tool, etc.
Good To Have
● Understanding of public cloud technologies with hands-on technical knowledge of at least one major public cloud like AWS.
● Understanding of CI/CD pipelines, Jenkins, etc.
● Certifications like CEH, eJPT, LPT, AWS Certified Security Specialty, Certified Cloud Security Professional (CCSP), OSCP, OSWE/AWAE, SANS, etc.
Job ID: 148881241
Skills:
Burp Suite, Veracode, DAST, SCA, Secure Code Scanning, OWASP ZAP, Analytical Problem-Solving, SAST, Secure Coding Practices, Application Penetration Testing