NIX is looking for a Medior Security Engineer with hands-on experience in Threat Modeling and Application Security. This role involves working independently in close cooperation with engineering teams to improve the security level of real systems.WHAT YOU WILL DO:Independent threat modeling of new and existing systems.Analysis of application architecture and identification of security risks.Definition of trust boundaries, attack surfaces and data flows.Proposal and justification of mitigation st
NIX is looking for a Medior Security Engineer with hands-on experience in Threat Modeling and Application Security. This role involves working independently in close cooperation with engineering teams to improve the security level of real systems.
WHAT YOU WILL DO:
- Independent threat modeling of new and existing systems.
- Analysis of application architecture and identification of security risks.
- Definition of trust boundaries, attack surfaces and data flows.
- Proposal and justification of mitigation strategies.
- Conducting security reviews.
- Performing basic pentesting and manual security testing.
- Consulting developers on secure design and implementation of solutions.
- Clear and structured documentation of risks, findings and recommendations.
WHAT IS IMPORTANT TO US:
- Deep understanding of the CIA triad, the difference between authentication and authorization, and access control concepts.
- Basic knowledge of OWASP Top 10.
- Hands-on experience in the areas of web application and API security.
- Good understanding of OAuth2 / JWT concepts and common attack patterns.
- Hands-on experience building threat models according to the STRIDE (or similar) methodology, documenting threats and their neutralization methods.
- Ability to explain security risks to non-security teams.
- Experience in pentesting: manual testing methods, mastery of basic security tools.
- Understanding the limitations of automated security scanning tools.
WILL BE A PLUS:
- Experience with SAST / DAST / SCA.
- Knowledge of Cloud security fundamentals.
- Experience working within the SSDLC development cycle.
- Availability of professional security certifications.
WHAT WE LIKE TO OFFER TO YOU
- A long-term strategy for your development as an expert together with the team;
- Participation in large international projects that allow mastering new technologies and domains;
- Educational events and professional training that will help build a further stable career;
- Decent remuneration that can flexibly grow depending on your success and responsibility;
- A friendly, cozy corporate culture.