Vodafone Ukraine is an international company with the leading positions in the field of technology and telecommunications, implementing ambitious projects and products in all business spheres, including Cloud Services, Big Data, IoT, Smart City.
Requirements:
2 years of experience in Information Security
Strong expertize in performing security analysis and identifying possible vulnerabilities, creating Vulnerability Assessment report
Skilled using various tools like Automatic Scanner, NMAP, Dirbuster, Qualys, Nexpose, Nessus, BurpSuite, Metasploit and etc for web application penetration tests and infrastructure testing
Responsibilities:
Performing security analysis and identifying possible vulnerabilities in the key derivation function, create Vulnerability Assessment report detailing exposures that were identified, rate the severity of the system & suggestions to mitigate any exposures & testing known vulnerabilities
OWASP Top 10 Issues identifications like SQLi, CSRF, XSS, Path Manipulation
Perform pen tests on different application
Perform grey box, black box testing of the web applications
Create written reports, detailing assessment findings and recommendations
Found web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic etc.) across various platforms
Perform risk assessments to ensure corporate compliance
Controls on session management like Server-side session states, session termination, Session ID randomness, expiration, Unique tokens, concurrent logged in session, session fixation prevention
Perform Static assessment of various applications by Static code analyzers
Perform Dynamic assessment of applications by code analyzer tools and verify false positives
Develop threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications
Performed static code reviews with the help of automation tools
Perform the penetration testing of mobile (Android and iOS) applications, specifically, APK reverse engineering, traffic analysis and manipulation, dynamic runtime analysis
Execute daily vulnerability assessments, threat assessment, mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems
Perform, review and analyze security vulnerability data to identify applicability and false positives
Work closely with research and development teams for vulnerability remediation
Plan and Design Vulnerability assessement process
Work with other employees to improve the level of cybersecurity
Analyze and assessed risk in the environment
dentify issues in the web applications in various categories like Cryptography, Exception Management
Work with software development teams, DB/Unix administrators and solution architects as a subject matter expert related to security compliance with PCI DSS and industry standards
Analyze parsed data from Qualys for Vulnerability Remediation
Work on Vendor based Applications, Middleware and layer products
Provide both strategic analysis and near real-time auditing, investigating, reporting, remediation, coordinating and tracking of security-related activities for customer
Analyze data and prepared reports that document vulnerabilities from network based attacks and recommended actions to prevent, repair or mitigate these vulnerabilities
Perform remediation activities for Applications, OS, Database, Middleware, Digital Certificate, Layer Products, Java
Identify issues on sessions management, Input validations, output encoding, Logging Exceptions, Cookie attributes, Encryption, Privilege escalations
Proactively identified system vulnerabilities to reduce or eliminate potential exploitation using Qualys and Passive Vulnerability Scanning
Work on Enterprise Release Management and Governance activities
We offer:
Official employment & social guarantees
Flexible work hours and remoted working days
31 calendar days of vacation
Medical insurance
Professional trainings
Free mobile communication & discounts for family members
You are welcome to send us your CV with the salary expectations.
To help us with our recruitment effort, please indicate your email/cover letter where (vacanciesinukraine.com) you saw this job posting.