Job Description
Company Description
Are you ready to shape the future technological landscape in Europe?
We are dedicated to responsible digitalisation, building innovative, inclusive solutions that drive meaningful impact. With over 8,900 professionals across Europe, we help EU institutions, public and private organisations thrive in a rapidly evolving digital world. Are you ready to shape the future through technology? Your journey starts here. Take a look at some of our impactful projects here: https://netcompany.com/cases/
Job Description
Ever wondered what it feels like to be a Senior Application Security Engineer in Netcompany?
As a Senior Application Security Engineer, you will be part of the Information Security Department and you will drive the design, implementation, operation, and monitoring of the Secure Software Development Lifecycle roadmap of Netcompany-Intrasoft according to the business strategy and selected information security standards and best practices. Moreover, you will lead projects for the adoption of security by design principles in Netcompany-Intrasoft products and software development services, and enhance security assurance levels related to application security through DevSecOps culture and automation.
As a Senior Application Security Engineer you will:
- Define secure architecture patterns and secure design specifications together with software architects to guide software implementation
- Perform threat modeling in software architecture and software design artifacts prepared by software architects
- Lead research and investigation activities to propose implementation of application security controls at the code level
- Lead the execution of manual secure code review to identify and report security issues and weaknesses
- Lead the review of output from automated application security testing (e.g., SAST, DAST, SCA) and perform triage activities to assess relevancy of discovered vulnerabilities, rate their security impact and propose mitigation actions
- Lead scoped manual security verification assessments with specialized tools (e.g., Burp, ZAP Proxy, Postman and other) and prepare reports describing issues towards development teams
- Develop and deliver application security training activities and workshops
- Give presentations on technical application security topics towards internal development teams
- Evolve the implementation and configuration of scanning policies in DevSecOps tooling (e.g., SAST, DAST, SCA)
Qualifications
What would make you a fit for the role:
- Bachelor Degree in Computer Science or Computer Engineering field. AÂ Master’s Degree in Information Security field would be highly appreciated.
- Solid working experience in a relevant role
- Advanced skills in understanding workflows written in programming languages such as Java, C#, JavaScript and/or Python;
- Extended experience with identification and mitigation of OWASP Top 10 risks and CWE Top 25 vulnerabilities;
- Hands-on experience with secure design and security controls implementation in software applications that follow the micro-services architecture pattern;
- Practical experience performing threat modelling using relevant methodologies (e.g., STRIDE, PASTA, OCTAVE)
- Advanced technical knowledge in the following domains: HTML, CSS, URLs, DOM, Browser/Server Communication, Web & Application Servers;
- Technical knowledge in  the following domains: Operating System Internals, Cloud Architecture, Container technology, Networking, Cryptography, Authentication mechanisms, Authorization controls, Input validation and DevSecOps;
- Good knowledge of security verification tools such as Burp Suite, ZAP, SonarQube;
- Good knowledge of risk measurement frameworks (e.g., CVSS, CWSS);
- Excellent command of the English language (C2 level).
It would also be a plus if you match some of the following:
- Any Application Security certification, (e.g. CASE, CSSLP, CASS, CSP, GIAC Certified Web Application Defender).
- Any Information Security related certification, (e.g. CISSP, CEH, ISACA’s CSX, Microsoft AZURE Security Associate, AWS Certified Security Specialty).
- Any other Application Security Micro-Learning certification, (e.g., Burp Suite Certified Practitioner, Online Course Completion certifications by Udemy, HackTheBox, Â etc.)
- Hands-on experience in Software Development
Additional Information
Being a part of the Netcompany team, you will be provided with:
- The opportunity to work in a modern environment & in a hybrid working model
- A seamless onboarding experience and a buddy to support you on your first steps
- A competitive compensation & benefits package
- Health and life insurance program
- Meal and commuting allowance
- Well-being activities (on premises)
- Continuous learning opportunities using the most modern methods (unlimited access to Udemy for Business, ad-hoc trainings)
- A personalized development plan for targeted career growth
If you are looking forward to be part of a diverse environment, and have the opportunity to work alongside well-experienced professionals, on challenging, large-scale projects that directly impact millions of citizens around the globe, then this is the place to be!
By joining Netcompany in Athens, you will be part of a vivid team of 2,300+ tech professionals. When at the office, you’ll have the flexibility to work from our modern, sustainable, and state-of-the-art offices!
#LI-MR1
Please upload your CV in English via the Apply button. All applications will be treated as strictly confidential.
We ensure equal opportunities, treatment, and consideration to all candidates. Discrimination based on sex, racial or ethnic origin, religion or belief, disability, age, sexual orientation or marital status, physical or mental disability, or any other factor protected by applicable laws and regulations is prohibited. As part of the Netcompany culture, we respect human rights and focus on creating a positive workplace, where all employees are valued, and where diversity and inclusion are a vital part of our everyday working experience.
In the following link you may find our CV Submission privacy notice: https://netcompany.com/cv-submission-privacy-notice/
