Application Security Lead

WE ARE

SoftServe is a global digital solutions company with headquarters in Austin, Texas, founded in 1993. Our associates are currently working on 2,000+ projects with clients in the USA, Europe, and the APAC region. We are about people who create bold things, make a difference, have fun, and love their work.

Critical Services Center of Excellence (CoE), as a subdivision of SoftServe, is a team of highly professional folks with the primary focus on technology, covering software architecture, startups, and enterprise technologies.

We have a proactive approach while consulting our clients on security management and analyzing the entire infrastructure on multiple layers. In this way, we design an efficient security strategy following the security standards (ISO27k, CIS Benchmarks, NIST, SOC2, HIPAA, PCI DSS, etc.) and considering the client’s short- and long-term goals.

Our comprehensive solution provides exceptional visibility of analyzed security risks, complies with international standards, helps to pass the compliance certification audits, and gives instructions to achieve the desired level of data protection.

Cybersecurity team members are located in Poland, Ukraine, Spain, and other European countries.

IF YOU ARE

• An expert with 5+ years in cybersecurity testing, and has practical knowledge across various security domains: Mobile Security, Web Assessment, Network Infrastructure, Cloud Security (any of AWS, GCP, or Azure), binary security (reverse engineering and exploitation would be nice to have)
• Skilled in identifying security vulnerabilities in platforms and providing actionable recommendations to mitigate risks effectively
• Experienced in DAST & SAST & IAST methodologies
• Aware of industry threats, vulnerabilities, and standards: OWASP Top 10/SANS 25, PCI, HIPAA, GDPR
• Experienced with binary fuzzing, network protocol analysis, investigating unknown security vulnerabilities (0-days) or reproducing the known ones (1st days)
• Holder of security certifications: CISSP, CISA, CEH, OSCP, OSCE, or other security credentials
• Fluent in English (upper-intermediate level) and comfortable in a multicultural environment
• Exceptional in both verbal and written communication, capable of leading and influencing virtual teams.

AND YOU WANT TO

• Perform penetration testing for networks, infrastructure, and various applications, including web, mobile, web services, and thick client applications
• Conduct security audits of applications and infrastructure, including design reviews, source code analysis, integration assessments, and security requirement evaluations
• Execute Red Team activities, such as social engineering and security incident simulations, to assess incident response effectiveness
• Develop and implement threat modeling processes to identify potential security risks early in development
• Collaborate with development teams to integrate security throughout the SSDLC, promoting secure coding standards and best practices
• Lead and mentor a team focused on application security, guiding secure coding practices, threat modeling, and risk assessments
• Lead pre-sales efforts and recommend the best security approaches based on client business needs
• Investigate industry trends, emerging threats, and best practices to continuously improve security posture

TOGETHER WE WILL

• Work with the world-leading companies and people on a wide range of projects and clients
• Have a variety of projects with different types of needs and requirements
• Operate towards a highly independent position with total ownership and accountability, but also support when needed
• Get a great deal of learning and development opportunities along our structured career path
• Build strong security expertise and make this world more secure