This position is exclusively open to Ukrainian population inside Ukraine (Prefer Kyiv or LVIV).

Our security engineering team is looking for a mobile quality guarantee engineer with a strong focus on protection. If you are interested in conducting safety assessments, reviewing safety features for applications and verifying their health, indicating safety controls, work may be along with software developers is your position.

We are ready to invest time in your education if you are ready to work hard and responsibility. Besides technical skills, we will teach you leadership, time management, work context, and how to continue to improve cybersecurity despite the growing anthropia in the world.

Main responsibilities:

• Participate in safety assessments for mobile applications (iOS, Android, FLTTER, RACT NATIVE). Focus on platform security controls (biological measurements, safety storage, devices capabilities, reverse engineering protection).
• Deal with a portable phone application as a larger system, suggested safety defenses from the application to the back and back interface (transport protection, TLS Pinning, anti -cheating systems).
• Participate in SSDLC for our products and customers. Explain the risks and threats, and work with developers to determine safety control elements that improve security without restricting use/performance.
• Continue on a permanent knowledge of the emerging security threats, weaknesses, and controls (read articles and papers, follow the CVE updates, understand how the scene changes the threat, understand how to apply prescribed ideas, and read NIST).
• Dive into the safety of the application, infrastructure security, data safety, IOS Security, ML Security with our skilled team. See the relevant case studyWritten from the engineer’s point of view.
• Share your business as conversations for conferences, blogs (See example React Native Security), Contributing to open source standards such as OWASP.

requirements:

• Experience in conducting a dynamic safety evaluation of mobile applications and their application programming interface.
• Experience in making fixed safety assessments (reading icon, using tools like mobsf).
• Good understanding of Owasp Mas (MASVS + MASTG).
• Understanding the security of the safety of mobile devices (biological measuring iOS, protecting screen shots on Android, etc.).
• Understanding the application of the application programming interface and its weaknesses (transportation, Idors, TOCTOU, checking input health, reducing average).
• A comprehensive understanding of information security, and how the risks and threats in the real world affect the choice of security controls.
• Experience in the famous safety tools required for the function, or the ability to learn it quickly (fence suite, network analyzes, mobsf, various scanners of STT and Dast, dependency and weakness).

Nice to be:

• Be familiar with other frameworks of the application safety and software ripening: Owasp Samm, Owasp Asvs.
• Understanding SSDLC (Owasp SSDLC, NIST SSDF).
• A mobile phone development experience. Experience with some mobile phone accumulation tools: Xcode, Android Studio, Testflight, Firebase, Appcentter, Bitrise, Fastlane, etc.
• Experience in breaking protection/rooting your devices.
• Experience in reverse engineering applications, bypassing TLS installation, and source code analysis.
• The basic knowledge of encryption: understanding the differences between identical and asymmetric encryption, retail, KDF.

Employment process:

• CV review – 1-5 Work days.
• Test task – estimated time 3-4 hours.
• Introduction meeting with the head of security engineering.
• Technical interview with many team members.
• Provide discussion.

What is there for you?

• Feeling of meaning and responsibility for those looking for the purpose – we build a “invisible fabric of modern civilization” – to finance infrastructure, power networks, and health care, and we are trusted with very difficult aspects of it.
• Competitive compensation with a flexible reward scheme.
• Mixed business model: This position allows a set of work in the office and bond as needed.
• UK clients, European Union and the United States of America.
• Working at the ML Security crossroads, supporting the encryption protocol, protecting devices, developing reverse mobile applications, and securing web applications for millions of users.
• Register the general tracking on the open side of our products.
• Conferences, books and courses – We encourage learning and participation with society. Our team’s participation a lot in Talks and workshopsAnd Blog publications.
• Paid vacation – 21 working days per year.
• Paid sick papers.

About Qudaq Laborators:

We are a data security solution company, we provide dedicated solutions for innovative software development teams all over the world. Our program is known among the off -security teams, which OWASP recommended and popularly to solve complex security challenges. Regardless of building “outside the cliff” solutions, we design safety control elements for new problems.

We are working in an area of ​​B2B, with customers such as IIOT, AI / ML systems, critical systems for mission, robots, navigation, power network operators, payment processors, financial applications, legal companies, customer applications a million users. We meet the needs of young startups and established institutions, which use our programs and solutions as an essential part of the security arsenal. Our customers are smart, but they are very required.

Markets: European Union, UK, USA, UA.

Read more about us -> Cossacklabs.com/about/

I am not sure, but look? Send us an email, contact in social networks, or just ping Anastasiia in Telegram directly.