Senior Security Engineer in Constanţa

JavaScript (regular) .Net (regular) Java (regular) Python (regular) Bash (regular) Powershell (regular) Git (regular) analisys (advanced) Security (advanced) Cloud Platform (advanced) Our people love the exciting and meaningful work they do, the cutting-edge resources and technology they have access to, the benefits we offer and the great community we’ve built. Want to join them? Salary offered: 13 000 - 22 000 PLN gross per month (contract of employment) GSS - is a FinTech start up with heavy backing, both financially and from across their target industry. Their vision is to build an on-demand service to replace an old and ineffective system which their target market all has deployed on premises. The core functionality will be commercial software, similar to that currently deployed on premises. Kainos is building all of the surrounding services : infrastructure as code, message handling, data handling and persistence, analytics, operations, orchestration, integration with customers, and a whole lot more. This is Kainos’ largest commercial sector project – and will really put us on the map: multi-million Euro deal, multiple years of ongoing development and service. A chance to build something that changes an industry! We work fully remotely in Kainos but we might require you to visit our Gdansk office occasionally for team activities or company events. For candidates based in 3city – our Gdansk office is open so if you prefer to work from the office or in a hybrid model, you are welcome to do so. We adjusted the office so it follows all pandemic restrictions. Some of our projects might require traveling to the customer site in the UK. If you would be willing to travel to the UK, it would be crucial for you to have easy access to the airport. We would of course cover your traveling expenses. As a Senior Security Engineer , you will work in close collaboration with our technology teams to design and implement secure, cloud-based software solutions for our clients. Working as part of a multi-disciplinary Agile team, you will implement DevSecOps practices throughout the software development lifecycle, embedding security practices (e.g. vulnerability management, threat modeling etc.) and automating security artifact generation (e.g. secret scanning, container security, SAST, DAST etc.). You will provide subject matter expertise in application security or cloud security – sharing knowledge on threats and vulnerabilities, identifying appropriate security controls, and increasing cyber security awareness within teams. Your key responsibilities will include: Daily collaboration with the application development and cloud platform teams to plan and prioritise security requirements as part of the secure software development lifecycle (SSDLC). Recommending security best practices for cloud platforms and automating compliance with cloud security baselines (e.g. CIS Benchmarks). Implementation of automated security tooling (e.g. within a Continuous Integration (CI) pipeline) to validate security requirements and identify potential issues. Working with external organisations to plan, scope and facilitate penetration tests. Reviewing the outputs from security tools and security practices. You will filter and prioritise these into security stories that can be understood and actioned by the delivery teams. Verifying the implementation of security principles, architectural patterns, and requirements. Driving the adoption of cyber security practices (e.g. vulnerability management, threat modelling etc.) within Agile delivery teams. Putting people first & developing others – You’ll help coach and develop more junior members of the team. Minimum (essential) requirements: Experience of implementing application security or Cloud platform security. A detailed understanding of web application security. An understanding of modern cryptography and its application for encryption in-transit, encryption at-rest, hashing and digital signatures. An understanding of security practices such as threat modelling, vulnerability management, application security testing, and penetration testing. Experience of integrating application security tools (e.g. static analysis, dynamic analysis etc.) into the SSDLC. Experience of using modern version control systems (e.g. git) and either a scripting language (e.g. Bash, Powershell etc.), or a programming language (e.g. Python, Java, .NET, JS etc.), or an Infrastructure as Code language (e.g. Terraform, ARM Templates, Ansible etc.) to automate tasks. The ability to convey security issues to technical and non-technical people. Desirable: An industry recognised qualification in Cyber Security. AWS or Azure mid-level certifications. Participation in the cyber security community (e.g. OWASP, HackTheBox, CTFs etc.). Experience working with agile software development methodologies (e.g. Scrum or Kanban). What we offer: Company share scheme plan. Private medical insurance at Medicover. Multisport card. Group life insurance. 3000 Pounds for refer-a-friend scheme. Reimbursement of the costs of purchasing a chair and desk to be used in the home office. Access to Pluralsight online training. Core hours (starting work between 8 am and 10 am). WHO YOU ARE: Our vision is to enable outstanding people to create digital solutions that have a positive impact on people’s lives. Our values aren't abstract; they are the behaviours we expect from each other every day and underpin everything that we do. We expect everyone to display our values by being determined in how obstacles are overcome; honest when dealing with others; respectful of how you treat others; creative to find solutions to complex problems and cooperative by sharing information, knowledge and experience. These values, applied collectively, help to produce an outstanding Kainos person, team and culture.