Junior Application Security Engineer
Athens, Greece
Netcompany
Innovative digital solutions that empower societies, companies, and institutions to take control of their processes and data to stay highly competitive.Company Description
We are Netcompany-Intrasoft, a member of Netcompany Group A/S, and a leading European IT Solutions and Services company with strong international presence and expertise, dedicated to responsible digitalisation. We offer innovative and added-value solutions of the highest quality to a wide range of public and private organizations, while being a key-player in the EU Institutions for the past 30 years. We hold an outstanding record of 500+ organizations in 70+ countries, that have chosen our solutions and services, to fulfil their business needs. Our team of 3500+ professionals is our driving force and our most valuable asset.
Job Description
What does it feel like to be a Junior Application Security Engineer in Netcompany-Intrasoft?
Join us as a Junior Application Engineer, you will be part of the Information Security Department and you will participate in the design, implementation, operation, and monitoring of the Secure Software Development Lifecycle roadmap of Netcompany-Intrasoft according to the business strategy and selected information security standards and best practices. Moreover, you will support application of security by design principles across Netcompany-Intrasoft products and software development services, and enhance security assurance levels related to application security through DevSecOps culture and automation.
As a Junior Application Security Engineer you will:
- Perform manual secure code review to identify and report security issues and weaknesses
- Review output from automated application security testing (e.g., SAST, DAST, SCA) and perform triage activities to assess relevancy of discovered vulnerabilities and rate their security impact
- Perform research and investigation to propose solutions in mitigating security vulnerabilities, at the application and code level, discovered by manual and automated security testing assessments
- Perform scoped manual security verification assessments with specialized tools (e.g., Burp, ZAP Proxy, Postman and other) and prepare reports describing issues towards development teams
- Review software architecture and design documentation to determine security threats, risks, and develop test-cases for manual security testing assessments
- Participate and contribute to application security training activities and workshops
- Give presentations on technical security topics towards internal development teams Support the implementation, configuration, and continuous tuning of scanning policies in DevSecOps tooling (e.g., SAST, DAST, CA)
- Support the automation of task execution related to DevSecOps tooling by developing scripts
Qualifications
What would make you a fit for the role:
- If you have Bachelor Degree in Computer Science or Computer Engineering field
- Master Degree in Information Security field or have some practical experience of 1 or more years in Information Security domain
- Ability to understand workflows written in programming languages such as Java, C#, JavaScript and/or Python
- Experience with OWASP Top 10 risks and CWE Top 25 vulnerabilities and discovering these vulnerabilities in assessment targets
- Knowledge in at least one of the following domains: HTML, CSS, URLs, DOM, Browser/Server Communication, Web Servers
- Knowledge in at least one of the following domains: Operating System Internals, Cloud Architecture, Container technology, Networking, Cryptography, Authentication mechanisms, Authorization controls, Input validation or DevSecOps
- Knowledge of exploitation techniques related to at least three of the following vulnerabilities: XSS, SQLi, IDOR, SSRF, CSRF, HTTP Header Smuggling; Knowledge of security verification tools such as Burp Suite, ZAP, SonarQube
- Knowledge of risk measurement frameworks (e.g., CVSS, CWSS);
- Excellent command of the English language.
Additional Information
Being a part of the Netcompany-Ιntrasoft team, you will be provided with:
- The opportunity to work in a modern environment & in a hybrid working model
- A seamless onboarding experience and a buddy to support you on your first steps
- A competitive compensation & benefits package
- Health and life insurance program
- Meal and commuting allowance
- Well-being activities (on premises)
- Continuous learning opportunities using the most modern methods (unlimited access to Udemy for Business, ad-hoc trainings)
- A personalized development plan for targeted career growth
If you are looking forward to be part of a diverse environment, and have the opportunity to work alongside well-experienced professionals, on challenging, large-scale projects that directly impact millions of citizens around the globe, then this is the place to be!
By joining Netcompany-Intrasoft Athens, you will be part of a vivid team of 2000+ tech enthusiasts. When at the office you will have the chance to work at our brand-new, state-of-the-art, sustainable offices, located in 3 different spots in Athens!
#LI-TM1
Our culture
Our people are the most important element of our success. Our work life is well defined by our set of fundamental Values: https://netcompany.com/careers/greece/our-values/
#BePartOfSomethingGreat!
Please submit your CV in English. All applications will be treated as strictly confidential.
We ensure equal opportunities, treatment, and consideration to all candidates. Discrimination based on sex, racial or ethnic origin, religion or belief, disability, age, sexual orientation or marital status, physical or mental disability, or any other factor protected by applicable laws and regulations is prohibited. As part of the Netcompany-Intrasoft culture, we respect human rights and focus on creating a positive workplace, where all employees are valued, and where diversity and inclusion are a vital part of our our everyday working experience.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Automation Burp Suite C Cloud Computer Science Cryptography CSRF CVSS DAST DevSecOps Java JavaScript Monitoring OWASP PostMan Python SAST SDLC SonarQube SQL injection SSRF Strategy Vulnerabilities XSS
Perks/benefits: Career development Competitive pay Health care Insurance
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.