Senior Security Quality Engineer

Luxoft
Senior
Online interview
B2B Employment contract
Remote
Remote possible
100%

Project description

Our Video Collaboration products help companies stay connected and can be found in the conference rooms of some of the biggest businesses in the world. We are a small nimble group and we are growing our team. We create amazing experiences in the conference room using creative design, surprising science, and innovation. We love what we do because we are passionate about connecting people and we use the products we create every day to stay connected to our team.

We are looking for a Senior Security Quality engineer who can think out of the box and define how to validate product security and continuously invest in making our products more secure..

Ideal candidates can come from many different backgrounds — you may be a software quality engineer who is passionate about security, have already worked in product security teams, or you've had experience working as a security quality consultant.

Product Security goes beyond finding and eliminating security vulnerabilities in our products; we want to stop them occurring in the first place. As a team, we're passionate about root cause analysis; training and awareness; driving security in product road maps; and improving on core frameworks, infrastructure or detection tooling.

Your tasks

Be Yourself. Be Open. Stay Hungry and Humble. Collaborate. Challenge. Decide and just Do. Leave your ego at the door when you come to work every day. These are the behaviours you'll need for success at project. In this role you will be responsible for:

Drive definition of security test plans and execution

Build scripts and tools for automating validation of device security

Support pentesting and other security activities

Define security state of the devices and report out

Continuously monitor systems security as new builds roll off and recommend/drive corrections, as needed

Who we're looking for?

MUST
  • Good experience working with network appliances and/or IOT endpoints
  • Experience with programming in python, bash and other scripting languages
  • Good knowledge of PKI namely, ciphers like AES,3DES, hash functions like MD5, SHA-1,2,3, cryptography like RSA,DSA,ECC
  • Experience developing automation scripts using UnitTest, PyTest or equivalent test framework for Android based devices
  • Good knowledge of Android security test suites and what capabilities are tested
  • Good knowledge of device security like bootloader locking/unlocking, fusing, debugging and collecting logs and minimal triaging
  • Able to generate metrics, reports to communicate the current state of the system
  • Must have built tools to automate system testing using adb
  • Good experience working with tools like wireshark,USB analyzers etc for collecting traffic on network interfaces/USB etc.
  • Have supported all aspects of device security validation on at least one commercial device
  • Have supported device validation for pentesting readiness
  • Advanced knowledge of revision control and code review tools like git, gerrit and build infrastructure like gradle, maven, jenkins
  • Must have mentored other junior engineers and get the job done with a high sense of ownership and responsibility
  • Must have good knowledge of how to configure and work with firewalls, proxies, 802.1x, Ethernet,Wifi,BT/BLE
  • Must have good knowledge of intrusion detection, malware, viruses and other types of threats to the devices
NICE TO HAVE
  1. Security assessment methodologies

Common security flaws in two or more modern tech stacks. For example:

  • Android mobile applications/frameworks
  • Linux
  • Cloud connected Services
  • OTA
  1. Security by design
  • Ability to read and understand threat modelling (e.g. STRIDE, DREAD, etc.)
  • Understand how IOT devices/appliances are secured in general and best practices
  1. Security Certifications
  • Have a good understanding of various certifications and how to validate the device against them and identify gaps
  • EN 303 645, CALIFORNIA SB-327,CCPA, GDPR, FIPS 140-2, IoT security compliance framework, FedRAMP, ISO/IEC 27000
Work environment

Our company

Luxoft

Gdańsk, Wrocław, Warsaw, Krakow, Zug 13000
Tech skills
  • Java
  • JavaScript
  • .Net

Check out similar job offers