Application Security Engineer

Acronis is a world leader in cyber protection—empowering people by providing them with cutting-edge technology that enables them to monitor, control, and protect the data that their businesses and lives depend on. We are in an exciting phase of rapid-growth and expansion and looking for a Application Security Engineer who is ready to join us in creating a #CyberFit future and protecting the digital world!

Application Security team works to make Acronis applications more secure against all kinds of threats. You will work with good guys on their responsible disclosure. You will find security bugs before bad guys do it. Together with the Development team, you'll change development processes and practices to ensure that such kinds of bugs will never appear in our code again. You will monitor the attacks and respond to them. You will create novel solutions to detect and advanced approaches to protect applications.

WHAT YOU'LL DO

• Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
• Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices. Define and approve security architecture of the developed solution.
• Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
• Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation.

WHAT YOU BRING (EXPERIENCE & QUALIFICATIONS)

• Deep understanding of modern cybercrime and complex attack techniques
• Good knowledge and understanding of major attacks and recent security events
• Proven presentation skills and fluent speaking English
• Experience in malware analysis (windows executables, exploits, scripts)
• Experience in penetration testing and understanding of exploitation techniques
• At least 2 years of experience in Application Security.
• Strong knowledge of the modern web, mobile, and network security. Experience in penetration testing and understanding of exploitation techniques for web and mobile applications.
• At least basic programming skills with Go, Python or other languages. You don't need to be a skilled developer, but you will need to find a common language with our RnD team, so at least some understanding is necessary.
• Any public researchers, tools, disclosed tickets will be considered a strong advantage. Wrote a blog post about your research or have a CVE? Please, be sure to mention it.

Please be ready to answer in an interview the following questions:

• What is the Same Origin Policy? Share your knowledge about Cross-site scripting contexts
• Describe any attack like SQL injection, XXE, SSRF, or any other. Suggest right fixes and possible bypasses
• (Windows Security) Your opinion about LPE from Admin to the System user
• How to count possible compromised accounts?
• Be ready to write a simple exploit or a few lines of code that allows checking some kind of attacking vector

WHO WE ARE

Acronis is revolutionizing cyber protection by unifying backup, disaster recovery, storage, next-generation anti-malware, and protection management into one solution.  This all-in-one integration removes the complexity and risks associated with non-integrated solutions and offers easy, complete and reliable data protection for all workloads, applications, and systems across any environment—all at a low and predictable cost.

Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 2,000 employees and offices in 34 locations worldwide. Its solutions are trusted by more than 5.5 million home users and 500,000 companies, and top-tier professional sports teams. Acronis products are available through over 50,000 partners and service providers in over 150 countries and 26 languages.

Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.

#LI-WC1