Automation of the search and elimination of vulnerabilities in the infrastructure and product.
Suggesting possible ways of operation and recommendations for their elimination.
Exploring new tools in the security market and implementing them to eliminate threats.
Our expectations
Confident knowledge of Linux and Docker.
Understanding the security issues of large infrastructure. Knowledge of modern attacking techniques, attack vectors of penetration into the infrastructure, and knowledge of standard solutions.
Knowledge of attack vectors and methods of protecting WEB applications (OWASP TOP-10), and understanding of modern WEB technologies.
Good knowledge of network technologies and protocols within Linux (TCP/IP, HTTP, TLS, HTTP Proxying, iptables/nftables).
Ability to automate your activities using Bash/Python/Go/Ansible/Terraform.
Understanding and ability to apply Infrastructure as Code approaches.
Will be a plus
Experience in conducting pentests.
Experience in implementing security controls using the Zero Trust approach.
Experience working with Service Mesh solutions.
Experience working with WAF/IDS/IPS type systems.
Experience in embedding tools for static and dynamic vulnerability analysis of applications in development processes.
Experience in developing web applications or experience working in the role of AppSec.
Knowledge of Prometheus and Grafana Loki.
Or the desire to develop in the above listed areas.