City: Moscow
Salary: negotiable with the candidate
Work experience: 3 to 6 years

Luxoft, the global IT outsourcing company providing software development services, opens a senior-level position in St. Petersburg.

Responsibilities:

  • Participation in walkthrough of requirements, architecture, design and other SDLC documents for identifying potential security threats
  • Identification of vulnerabilities in existing applications by:
    • Static analysis of code facilitated with tools like HP Fortify SCA
    • Web-application vulnerabilities scanning facilitated with tools like HP Web Inspect
    • Manual intelligent attack simulation (hacking) over the deployed application
  • Producing a joint vulnerabilities report and working out recommendations for developers on how to remediate the defects found. Producing project-specific development guidelines
  • Adjustment of static analysis and dynamic testing tools with project-specific rule sets
  • On-demand extension of security audit environment with tools and scripts (e.g. automated parsing of application logs for sensitive data, or utilization of XML-security validation frameworks)

Required Qualification and Skills:

  • Interest in professional growth in the field of application security
  • Analytical mindset, attention to detail, results orientation
  • Average or above written and spoken English
  • Degree in computer science or mathematics. A completed university education specialized in security is a big plus
  • 2+ years of software development experience in the following technology area:
    • Java & J2EE applications: Java language and best practices, JEE APIs (JSP, JSF, EJB, JDBC, JPA, JAX-WS, etc.), typical associated third-party frameworks (Spring, Hibernate, Log4j, Struts, etc.), build and deployment process and tools for Java/J2EE applications, Eclipse-based IDEs
    • At least basic knowledge of XML, web-services, and SQL

Desired Qualification and Skills:

  • Good understanding of security concepts: authentication, authorization, private and public-key encryption, digital signature and non-repudiation, etc.
  • Knowledge of security-related associated standards/frameworks is a big plus (e.g. WS-Security, X.509, SAML, JAAS, LDAP, SSL, OpenSSO, OpenIAM, etc.)
  • Knowledge of web-applications security aspects (e.g. OWASP’s top 10 vulnerabilities) and secure coding best practices is a big plus
  • 2+ years of software development experience in the following technology area:
    • .NET applications: a good working knowledge of one or more .NET languages (ideally both C# and ASPX), Microsoft Visual Studio IDE v.2003 or higher, .NET 1.1, 2.0, and/or 3.0, build and packaging process for .NET applications for deployment
    • C/C++ based applications and libraries: a working knowledge of the C/C++ language(s), a C/C++ compiler (e.g. gcc, cc/CC, cl), familiarity with the standard APIs (clib, socket, MFC, STL, etc.), build process for applications and static/shared libraries assisted with a build-script tool (e.g. make, gmake, nmake, devenv, perl)


Work conditions:

  • Salary level is discussed with a successful candidate.
  • Social package (medical insurance, education, etc.).
