Application Security Engineer

About this company

One of the world’s leading companies recognized for innovation in combining security solutions using biometric authentication with critical infrastructure, covering a wide range of different areas. Its mission is to enable people around the world to easily verify and protect their identities.

Selection process

• FCS Tech Screening Questionnaire - 30min

• FCS HR Video Screening - 20min

• Client-side HR Interview - 30min

• FCS Tech Interview - 1h

• Client-side Hiring Manager Interview - 1h

Position details

As an Application Security Engineer you will be monitoring and maintaining the security posture of the client’s SaaS platforms. You will be responsible for ensuring that their software and services are designed and implemented securely. Furthermore, you will contribute to building, testing, and deploying tools to validate and enhance the security of client’s platforms.

Project details

The project you’ll be working for currently processes over 150 million biometric authentications per day, across six continents. Some of the leading clients are Mastercard Visa, BNP Paribas, SMBC, Denver Airport, PayPay, USAA Bank, and many others.

Last year, in response to the COVID-19 crisis, our client was one of the first to jump into the creation of digital health passports. They created a product you’ll also work on that allows a real-time verification of COVID-related credentials, such as health questionnaires and diagnostic lab test results, right on your smartphone.

Key responsibilities

• Validating the security of public-facing services. 

• Test to see if a malicious outsider could bypass security controls and elevate permissions.

Requirements

• Experience in applying OWASP tools and techniques in the context of cloud hosted services including hands-on experience in performing vulnerability scanning and penetration testing

• Software development experience primarily in Java

• Experience with web application security and the use of technologies such as load balancers and reverse proxies

• A thorough understanding of network topologies and design regarding security best practices such as defense in depth and least privilege

• Comfortable using the Linux/UNIX command-line interface

• Basic scripting abilities in Bash (Mandatory) and Python (Desirable)

• Experience of AWS and its various services (EC2, RDS, VPC, EKS, S3, Route53, KMS and IAM etc) from the perspective of security testing, audit and compliance

• A deep understanding of common network protocols and services (TCP / UDP, TLS, SSL, DNS, HTTP, SSH, SMTP)

• Familiarity in SCM usage (Git preferred)

• Experience in liaising with external penetration testing and vulnerability assessment providers

Mandatory

• Strong knowledge of Web application security

• Strong knowledge of cryptography and implementation techniques

• Strong coding experience in at least one programming or scripting language

• Ability to adapt and work multiple issues simultaneously

• Very good verbal and written English

Team

This is an exciting opportunity to work with a skilled team on the development of an in-house product with cutting edge technologies. The current working team consists of 3 members with Intermediate seniority and they use Matrix as a working methodology.

Working conditions

• 22 vacation days 

• Flexible start between 9 am and 10 am 

• Remote work (this must be discussed and approved beforehand with your Manager)

• Paid sick leave up to 30 days 

• Equipment - employees can choose between Mac or Windows-based computers

Benefits

• In-office daily lunches 

• Parking spot

• Private health insurance for the whole family

• Professional development budget

• 2K euros referral bonus

• Team buildings

• Performance-based bonuses

• Trips to Dublin