Extelligence is an intelligent partner that goes the extra mile. We provide customized information management solutions for major industries. Our team in Prague and Bucharest is working with international companies, transforming and adding value to their business on a daily basis. We are growing quickly, and we are interested in bringing more talented individuals into our team.
Role Overview:
The Application Security Testing function delivers global services and technology capabilities to ensure alignment with the strategy and key investment areas identified in the Application Security space.
A key purpose of this role is to provide senior technical expertise and leadership in the areas of application security, secure software engineering practices and application security testing. It will contribute to the definition and implementation of the Secure Software Engineering Strategy. It will help drive key technologies and processes to ensure they are used in a manner that will further reduce potential risk to the client systems and data.
The role will be an advocate for the strategy when interacting with engineering teams across the organization and support the implementation of security solutions throughout the software engineering lifecycle.
This is a collaborative role working across global services and functions, supporting customers from multiple business units and liaising with 3rd party vendors and partners when required. This role will liaise with senior stakeholders and provide senior technical expertise to help the Leadership Team make better-informed decisions in the application security space.
Responsibilities:
- Contribute to the protection of the client’s web and mobile applications and information assets.
- Ensure proper operation of security testing services and tools.
- Define and implement efficient security and compliance controls within CI/CD pipelines to enable agile development efforts.
- Define and implement processes for remediation of findings and vulnerabilities identified in security testing.
- Contribute to the updates of internal standards, policies, processes and learning materials to reflect changes in the secure application development space and investment in new tools.
- Work with senior stakeholders and leadership team on the definition and enhancements of the client Secure Software Engineering Strategy.
- Provide senior technical advice and recommendations for the selection of tools and processes supporting the strategy.
- Assist in the development and integration of automated security capabilities and service models throughout the application lifecycle such as Threat Modelling, SCA, SAST, DAST, cloud and Container Security.
- Work closely with diverse product and platform teams throughout the client’s company to promote the embedding of security into Software engineering processes.
- Deliver Secure Software engineering knowledge sharing sessions to engineering teams to promote security awareness throughout the client’s company.
- Provide recommendations to the Leadership Team on further improvements in the application security space based on ongoing review of internal processes and services.
Must Have Skills and Experience:
- Proven track record of working in an IT group with experience in application security, threat analysis or vulnerability management.
- At least 3 years' background in more than one of the following: DevSecOps, web/mobile application development, secure code review, vulnerability management.
- Familiarity with Open Web Application Security Project (OWASP) testing guides and methodologies for web and mobile applications.
- Familiarity with various categories of security testing tools, e.g. VM scanners, SAST, DAST etc.
- Demonstrated ability for sound judgment with strong emphasis on quality, cost and service improvement.
- Passionate about computer security, willingness to learn new technologies.
- Excellent communication skills, both written and verbal, to openly convey information relevant to a variety of stakeholders, using their own terminology.
Nice to Have Skills and Experience:
- Experience of working with 3rd Party vendors.
- Background in software development (Python / Golang / Java).
- Experience with pipeline technologies and automation (Jenkins, Azure DevOps, Chef).
- Experience of embedding security into pipelines (SCA, SAST, DAST, Container Sec).
- Experience with container/orchestration tools (Kubernetes, Docker).
- Experience with building solutions on cloud platforms (Azure and GCP).
- Experience of working in an Agile team (Scrum, VFQ, SAFe).
Working with Extelligence:
- We take care of the important things that matter to contractors; for example, we guarantee on-time payment for your work. You will never have to chase us for payment.
- We always seek to have long-term relationships with our team and we always seek to offer opportunities to extend cooperation beyond the first contract or project.
- Extelligence is a multicultural team; we have more than 15 different nationalities working with us.
- We also organize events to bring our team together including team building activities and social events.