Senior Application Security Engineer – Cloud Platforms
CENSUS SA
- Greece
- Permanent
- Full-time
- Reviewing product security designs, documenting missing security controls, and driving analysis for security improvements.
- Executing and reviewing threat modelling, attack surface enumeration and attack tree creation activities for products running on cloud platforms.
- Researching, reviewing, comparing, and proposing technologies that can satisfy the client's established requirements, and aligning with their strategies.
- Executing end-to-end security posture assessments via source code auditing, functional testing, fuzz testing and other applicable methodologies.
- Validating CI/CD pipelines and auditing deployment configurations across various hosting environment models (native, hybrid, etc.).
- Verifying if output implementation is aligned with the products' security architecture, requirements, and threat model.
- Documenting and presenting product security risks in both technical- and business-oriented language.
- Supporting a small team (2-3) of security engineers and consultants to successfully assess and research bleeding-edge technologies and products.
- MSc or BSc in Electrical Engineering, Computer Science, Computer Engineering, or equivalent practical experience.
- 4+ years of experience in cloud application or cloud platform security related roles. Experience can be an engineering / development position (e.g., consumer or enterprise), an assessment / consultancy role, an equivalent role in other engineering organizations, or a combination of them.
- Proven experience in developing, auditing, or testing security solutions for cloud platforms (public, private or hybrid Cloud Service Providers).
- Experience with reviewing and researching cloud platform security architecture and engaged technologies.
- Experience with the technologies of at least one of the major public Cloud Service Providers (GCP, AWS or Azure) and the security features they provide (Key & Secret management, IAM, Service Accounts, Workload / VM Identities, TLS / PKI, Load Balancing, storage encryption, data localization, etc.).
- Experience reading & comprehending source code, discerning business logic, and identifying security flaws in Web- and Cloud-relevant languages, such as Java, Ruby, Rust, Go, Python, C#, Lua, and JavaScript.
- Experience with application authentication, authorization, identity, access management, and secrets management technologies, such as OAuth, MFA, SSO, JWT, PKI, Cloud IAM, Password-less authentication, HashiCorp Vault, etc.
- Experience with applied cryptography and cryptographic protocols, such as E2E protection, authenticated encryption, mTLS, Key Exchange / Agreement, Key Derivation, Key Wrapping and Remote Key Attestation.
- Experience in identifying and reporting security vulnerabilities on software running on cloud platforms (OWASP Web Top10 vulnerabilities, data encryption, transport layer protections, insecure configurations, secrets management, etc.).
- Experience with cloud confidential computing, virtualization, enclaves, containers, and workload attestation technologies.
- Familiarity with debugging, instrumenting, and profiling software running on cloud platforms.
- Familiarity with application reverse engineering or fuzz testing methods.
- Experience of working with international teams in other regions and time zones worldwide.
- Problem solving skills, analytical thinking, and willingness to learn/grow.
- Proficient in English and excellent communication skills.
- Ability to travel.