Senior Cyber Security Engineer (#3288)

N-iX is a software development service company that helps businesses across the globe develop successful software products. During 22 years on the market and by
leveraging the capabilities of Eastern Europe talents the company has grown to 2200+ professionals with a broad portfolio of customers in the area of Fortune 500 companies as well as technological start-ups. N-iX has come a long way and increased its presence in nine countries - Poland, Ukraine, Romania, Bulgaria, Sweden, Malta, the UK, the US, and Colombia.

We seek a highly skilled Product Cybersecurity Engineer to join our Cybersecurity team. The Cybersecurity engineer will take part in a Product development team and will assume leadership for the cybersecurity practices.

Responsibilities:
To be the SME and review, instruct, and support the Digital R&D development on how to ensure:

• Secure Development Lifecycle (SDL): Incorporate security at every stage of product development, from design to deployment.
• Regular Security Testing: Conduct vulnerability assessments, penetration testing, and code reviews to identify and mitigate risks.
• Patch Management: Keep products up-to-date with the latest security patches and updates.
• Data Encryption: Protect sensitive data both in transit and at rest using robust encryption methods.
• Access Controls: Implement strict access controls to ensure only authorized personnel can access sensitive information.
• Secure Coding Practices: Follow best practices for secure coding to minimize vulnerabilities.
• Incident Response: Develop and maintain an incident response plan to quickly address security breaches.
• Compliance: Ensure products meet relevant regulatory and industry standards for security and data privacy.
• Third-Party Governance: Establish standardized governance for third-party suppliers to ensure they meet security requirements.
• Customer Communication: Maintain transparency with customers about security measures and provide support throughout the product lifecycle.

Knowledge and Experience: 

• 4+ years experience in applications security, penetration testing, red team or similar
• 7+ years of experience in the IT industry 
• Solid understanding of enterprise technologies and security tooling landscape.
• Knowledge of modern application architecture (microservices/cloud / asynchronous communication) and threat landscape.
• Ability to read application code, including CI/CD configurations + Some scripting skills is a great plus.
• Good knowledge of application vulnerabilities and related issues.
• Understanding of standard security practices, like incident management, vulnerability management, etc.
• Professional certifications, such as CISSP, OSCP, CEH, and others are a plus.

Would be a plus:  

• Fluent in the English language.
• Quick starter and learner.
• Readiness to research, investigate, and adjust to customer needs.
• Intuition and keen instincts to pre-empt attacks. 
• High level of analytical and problem-solving abilities. 
• Strong interpersonal and oral communication skills.