Senior Application Security Engineer
Acronis is revolutionizing cyber protection—providing natively integrated, all-in-one solutions that monitor, control, and protect the data that businesses and lives depend on. We are looking for a Senior Application Security Engineer to join our mission to create a #CyberFit future and protect all data, applications and systems across any environment. People entrust Acronis with their data. We are responsible for keeping it safe and this constitutes the essence of the application security researcher job. The application security team works to make Acronis applications more secure against all kinds of threats. You will work with good guys on their responsible disclosure. You will find security bugs before bad guys do it. Together with the development team, you'll change development processes and practices to ensure that such kinds of bugs will never appear in our code again. You will monitor the attacks and respond to them. You will create novel solutions to detect and advanced approaches to protect applications.
WHAT YOU'LL DO
Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation
Conduct security assessments for software components developed in the company.
Validate external security reports and bug bounty submissions.
Take part in the SLDC process development and implementation.
Conduct post-mortem reviews of application security bugs.
Consult engineers on application security matters, train them on secure development practices.
WHAT YOU BRING
Understanding of security models of Web/REST API, cloud, mobile and desktop apps.
Hands on experience with security assessment tools and attack techniques. You should be able to go well beyond inserting a quote in URLs.
Code assessments in programming languages Go, Python, Ruby, C/C++, JavaScript. Basic programming skills with Go, Python or another language will come handy.
Strong communication skills.
2+ years in Application Security
Strong knowledge of the modern web, mobile, and network security
Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage.
Please be ready to answer in an interview the following questions:
What is the Same Origin Policy? Share your knowledge about Cross-site scripting contexts
Describe any attack like SQL injection, XXE, SSRF, or any other. Suggest right fixes and possible bypasses
(Windows Security) Your opinion about LPE from Admin to the System user
How to count possible compromised accounts?
Be ready to write a simple exploit or a few lines of code that allows checking some kind of attacking vector
Please submit your resume and application in English
WHO WE ARE
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), enterprise IT departments and home users. Our all-in-one solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. We offer the most comprehensive security solution on the market for MSPs with our unique ability to meet the needs of diverse and distributed IT environments.
A Swiss company founded in Singapore in 2003, Acronis offers over twenty years of innovation with 15 offices worldwide and more than 1800 employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.
Our corporate culture is focused on making a positive impact on the lives of each employee and the communities we serve. Mutual trust, respect and belief that we can contribute to the world everyday are the cornerstones of our team. Each member of our “A-Team” plays an instrumental role in driving the success of our innovative and expanding business. We seek individuals who excel in dynamic, global environments and have a never give up attitude, contributing to our collective growth and impact.
Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.
About the job
Apply for this position
Senior Application Security Engineer
Acronis is revolutionizing cyber protection—providing natively integrated, all-in-one solutions that monitor, control, and protect the data that businesses and lives depend on. We are looking for a Senior Application Security Engineer to join our mission to create a #CyberFit future and protect all data, applications and systems across any environment. People entrust Acronis with their data. We are responsible for keeping it safe and this constitutes the essence of the application security researcher job. The application security team works to make Acronis applications more secure against all kinds of threats. You will work with good guys on their responsible disclosure. You will find security bugs before bad guys do it. Together with the development team, you'll change development processes and practices to ensure that such kinds of bugs will never appear in our code again. You will monitor the attacks and respond to them. You will create novel solutions to detect and advanced approaches to protect applications.
WHAT YOU'LL DO
Threat modeling: Think about how attackers can compromise a system and what protections are needed against them
Secure Software Development Lifecycle: Help developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices
Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
Vulnerability testing and analysis: Discover weaknesses once an application is deployed and advise development teams on remediation
Conduct security assessments for software components developed in the company.
Validate external security reports and bug bounty submissions.
Take part in the SLDC process development and implementation.
Conduct post-mortem reviews of application security bugs.
Consult engineers on application security matters, train them on secure development practices.
WHAT YOU BRING
Understanding of security models of Web/REST API, cloud, mobile and desktop apps.
Hands on experience with security assessment tools and attack techniques. You should be able to go well beyond inserting a quote in URLs.
Code assessments in programming languages Go, Python, Ruby, C/C++, JavaScript. Basic programming skills with Go, Python or another language will come handy.
Strong communication skills.
2+ years in Application Security
Strong knowledge of the modern web, mobile, and network security
Published security research, open source tools, blog posts, proven history of bug bounty programs participation considered a strong advantage.
Please be ready to answer in an interview the following questions:
What is the Same Origin Policy? Share your knowledge about Cross-site scripting contexts
Describe any attack like SQL injection, XXE, SSRF, or any other. Suggest right fixes and possible bypasses
(Windows Security) Your opinion about LPE from Admin to the System user
How to count possible compromised accounts?
Be ready to write a simple exploit or a few lines of code that allows checking some kind of attacking vector
Please submit your resume and application in English
WHO WE ARE
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), enterprise IT departments and home users. Our all-in-one solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. We offer the most comprehensive security solution on the market for MSPs with our unique ability to meet the needs of diverse and distributed IT environments.
A Swiss company founded in Singapore in 2003, Acronis offers over twenty years of innovation with 15 offices worldwide and more than 1800 employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.
Our corporate culture is focused on making a positive impact on the lives of each employee and the communities we serve. Mutual trust, respect and belief that we can contribute to the world everyday are the cornerstones of our team. Each member of our “A-Team” plays an instrumental role in driving the success of our innovative and expanding business. We seek individuals who excel in dynamic, global environments and have a never give up attitude, contributing to our collective growth and impact.
Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances.