Luxoft, the global IT outsourcing company providing software development services, opens the senior level  position in St.Petersburg.

Successful candidate has 5+ years of Java development with code safety in mind (code reviews, code inspection and analysis, unit testing). He/she also has experience with web development (not necessarily with Java) and strong motivation to combine software development experience with code analysis to help our customers (world known companies) secure their solutions and pass security audits. He/she might not have prior any explicit experience with application security as we provide all necessary trainings and materials. The position assumes business trips and participation in relevant conferences.

Responsibilities:

• Review of design documentation (including requirements, design and implementation) to ensure that secure practices are being followed throughout the software development lifecycle
• Manual review of application source code in term of security
• Automated scanning of source code using special tools
• Following and maintaining the vulnerability management processes including:  identification, analysis, remediation and reporting

Required Qualification and Skills:

• Scientific degree in computer science, information technology, or a relevant discipline
• 5+ years experience in developing Java Enterprise solutions
• Strong communication and organization skills
• Strong command of English language (written and oral)
• Strong detailed analytical thinking, problem solving and results oriented skills
• Basic knowledge of Unix operation system
• Motivation to work in Application Security area

Desired Qualification and Skills:

• Good understanding of security concepts: authentication, authorization, private and public-key encryption, digital signature and non-repudiation, etc.

• Knowledge of security-related associated standards/frameworks is a big plus (e.g. WS-Security, X.509, SAML, JAAS, LDAP, SSL, OpenSSO, OpenIAM, etc.)

• Knowledge of web-applications security aspects (e.g. OWASP’s top 10 vulnerabilities) and secure coding best practices is a big plus

• 2+ years of software development experience in the following technology area:

          -  .NET applications: a good working knowledge of one or more .NET languages (ideally both C# and ASPX), Microsoft Visual Studio IDE v.2003 or higher, .NET 1.1, 2.0, and/or 3.0, build and packaging process for .NET applications for deployment

          -  C/C++ based applications and libraries: a working knowledge of The C/C++ language(s), a C/C++ compiler (e.g. gcc, cc/CC, cl), familiarity with the standard APIs (clib, socket, MFC, STL, etc), build process for applications and static/shared libraries assisted with a build-script tool (e.g. make, gmake, nmake, devenv, perl)

Work conditions:

• Salary level is discussed with a successful candidate.
• Social package (medical insurance, education etc).