Application Security Analyst (Mid/Senior)
Porto
EUR 30000 - 40000
Make an impact by working for sectors where technology is the enabler, everything is ground-breaking and there’s a constant need to be innovative.
Be part of the team that combines business knowledge, technological edge and a design experience. Our different backgrounds and know-how are key in developing solutions and experiences for digital clients.
Face challenges and learn other ways of thinking and seeing the world - there’s always room for your energy and creativity.
About the role
Celfocus is looking to add an Application Security Analyst to join our team.
As a part of your job, you will:
* Conduct analysis and threat modeling for new and existing Celfocus products/projects.
* Analyze and discuss requirements; interact with all participants in the software development process.
* Perform penetration testing on web applications.
* Conduct both manual and automated testing.
* Participate in the creation and development of the company's products at all stages of their life cycle.
What are we looking for?
* A lively and flexible mind, clear logic, a detail-oriented approach.
* Capability to align with teams from Analysts, Designers, Architects, Developers to DevOps.
* Knowledge of HTTP.
* Working knowledge of programming languages.
* Knowledge of the Top 10 OWASP vulnerabilities: how to find, exploit, and fix them.
* Knowledge of Burp Suite or other popular web scanners like ZAP, Acunetix, Netsparker, etc.
* The desire and ability to work in a team.
* The desire to develop yourself in the field of application security.
* Knowledge of English at least at the level of reading technical documentation.
Nice to have:
* Good knowledge of Linux or Windows operating systems.
* Skills in scripting and automating your work using Powershell, Python, Bash, etc.
* Knowledge of the OWASP Application Security Verification Standard (ASVS), OWASP Testing Guide and experience in whole product or feature planning.
* Familiarity with various protocols and attacks against them (OAuth, JWT, websockets, etc.).
* Experience with public clouds (Azure, AWS, GCP).
* Experience with pipeline orchestrators (Jenkins, Azure DevOps, GitLab CI/CD).
* Penetration testing experience.
* Ability to adapt to different contexts, teams, and clients.
* Teamwork skills but also a sense of autonomy.
* Motivation for international projects and willingness to travel.
* Willingness to collaborate with other players.
We want people who like to roll up their sleeves and open their minds. Believe this is you? Come join the Team!
#J-18808-Ljbffr