AppSec Engineer / DevSecOps

If you want to:

• Conduct regular security assessments on new and existing products and perform code reviews to proactively find potential vulnerabilities;
• Seek out opportunities to automate processes when appropriate and integrate automation within CI/CD pipeline;
• Identify emerging classes of vulnerabilities and develop solutions for them before they're a problem;
• Triage and perform root cause analysis on reported vulnerabilities;
• Contribute security-focused feedback to engineers during all phases of the development lifecycle;
• Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns;
• Maintain and create secure development practices and programs for our engineering teams;
• Act as an ambassador for security within Surfshark and lead the Security Champions program.

And you can check off:

• 3+ years experience in security testing of web applications and native apps;
• Deep understanding of web and mobile application architecture and design principles;
• Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product managers;
• Experience with manual secure code review in languages such as PHP, JavaScript. C#, Kotlin, and SWIFT is a plus;
• Familiarity with common web application testing tools for DAST, SAST, IAST, and SCA analysis, such as Burp Suite, SonarQube, SEMGREP;
• Knowledge of authentication mechanisms like OAuth, etc.;
• Understanding common security flaws and resolutions published by OWASP, SANS, etc.;
• Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc.) for security;
• Ability to see patterns and commonalities to investigate complex issues;
• Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues.

Bonus points if you:

• Have experience with Amazon AWS services and are familiar with Kubernetes and VPN solutions;
• Have current or former security trainings or certifications, such as OSWE or similar;
• Have some background in software engineering in a collaborative and dynamic environment.

Here's the deal:

• Growth and learning opportunities: time dedicated to learning, conferences, online learning platforms, and books for your professional development;
• Health and wellness: we want you to feel and be your best. That's why we offer various benefits, from online workouts, a physical coach and a gym to regular mental health checks;
• Tools of your choice: choose technical equipment and the tools you need to do your best;
• Community and celebrations: get ready for long-lasting traditions such as yearly workation, Friday get-togethers, various team buildings and company celebrations;
• Convenient commuting: traveling from point A to point B can be a pain. That’s why, depending on your unique circumstances, we compensate part of your public transport costs;
• Work-life balance: as a general rule, we work based on a 3+2 hybrid model. And let’s not forget the WFA policy – an opportunity to work from anywhere in the world;
• Premium Surfshark accounts: for you, your family, and friends;
• Gross salary: 3150 - 6950 Eur/month for the Lithuanian market. It may vary depending on your skills, experience, or location.