AppSec Engineer / DevSecOps

To achieve the highest level of protection in the company, the Cyber Security team builds and fine-tunes security systems, processes, and training programs to ensure that passive cybersecurity is the first line of defense. 

Each day this team fights against cyber criminals using globally trusted cybersecurity products that are not limited but include EDR/XDR, WAF, HIDS, and NIDS solutions. They collect threat intelligence information and adopt it in our systems to prevent cybersecurity incidents.

Horrifying threats like malware, ransomware, web applications attacks, Man-in-the-Middle attacks, social engineering, DDOS, privileges escalations, vulnerabilities, and remote code execution only bring a smile to the faces of this Cyber Security squad. However, what they like the most is threat hunting. We can't tell you anything else as we need to keep our top security secrets, but we can promise you won't be bored if you join this team.

If you want to:

• Conduct regular security assessments on new and existing products and perform code reviews to proactively find potential vulnerabilities;
• Seek out opportunities to automate processes when appropriate and integrate automation within CI/CD pipeline;
• Identify emerging classes of vulnerabilities and develop solutions for them before they're a problem;
• Triage and perform root cause analysis on reported vulnerabilities;
• Contribute security-focused feedback to engineers during all phases of the development lifecycle;
• Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns;
• Maintain and create secure development practices and programs for our engineering teams;
• Act as an ambassador for security within Surfshark and lead the Security Champions program.

And you can check off:

• 3+ years experience in security testing of web applications and native apps;
• Deep understanding of web and mobile application architecture and design principles;
• Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product managers;
• Experience with manual secure code review in languages such as PHP, JavaScript. C#, Kotlin, and SWIFT is a plus;
• Familiarity with common web application testing tools for DAST, SAST, IAST, and SCA analysis, such as Burp Suite, SonarQube, SEMGREP;
• Knowledge of authentication mechanisms like OAuth, etc.;
• Understanding common security flaws and resolutions published by OWASP, SANS, etc.;
• Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc.) for security;
• Ability to see patterns and commonalities to investigate complex issues;
• Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues.

Bonus points if you:

• Have experience with Amazon AWS services and are familiar with Kubernetes and VPN solutions;
• Have current or former security trainings or certifications, such as OSWE or similar;
• Have some background in software engineering in a collaborative and dynamic environment.

Here's the deal:

• Growth and learning opportunities: time dedicated to learning, conferences, online learning platforms, and books for your professional development;
• Health and wellness: we want you to feel and be your best. That's why we offer various benefits, from online workouts, a physical coach and a gym to regular mental health checks;
• Tools of your choice: choose technical equipment and the tools you need to do your best;
• Community and celebrations: get ready for long-lasting traditions such as yearly workation, Friday get-togethers, various team buildings and company celebrations;
• Convenient commuting: traveling from point A to point B can be a pain. That’s why, depending on your unique circumstances, we compensate part of your public transport costs;
• Work-life balance: as a general rule, we work based on a 3+2 hybrid model. And let’s not forget the WFA policy – an opportunity to work from anywhere in the world;
• Premium Surfshark accounts: for you, your family, and friends;
• Gross salary: 3150 - 6950 Eur/month for the Lithuanian market. It may vary depending on your skills, experience, or location.