Security Engineer in Oro

27 серпня 2024

Security Engineer

Київ, віддалено

Requirements:

• Proficiency with penetration testing tools (e.g., Metasploit, Burp Suite, Nmap) and vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS)
• Strong understanding of network protocols, web application security, and common vulnerability frameworks (e.g., OWASP Top 10, CVSS)
• Linux OS: internals, permissions, configuration
• Programming and Scripting: bash, python etc, PHP
• Cryptography

Responsibilities:
Penetration Testing

• Develop and maintain OroCommerce and OroCloud network infrastructure penetration testing methodologies compliant with PCI DSS 4.0
• Conduct thorough external and internal network penetration testing of OroCommerce instances, OroCloud maintenance infrastructure and Oro IT systems, networks, and applications to identify vulnerabilities that could be exploited by malicious actors.
• Conduct OroCommerce web application penetration testing
• Simulate real-world attacks to evaluate the effectiveness of security measures and identify potential weaknesses
• Document and communicate findings, providing actionable recommendations to mitigate identified risks
• Collaborate with development and operations teams to ensure vulnerabilities are addressed promptly.

Vulnerability Scanning

• Perform regular internal vulnerability scans and segmentation tests of OroCommerce instances, OroCloud maintenance infrastructure, and Oro IT systems
• Ensure that vulnerability scanning procedures are in strict compliance with PCI DSS 4.0 standards
• Analyze scan results, prioritize vulnerabilities based on risk, and work with relevant teams to remediate identified issues
• Maintain up-to-date knowledge of emerging threats and vulnerabilities, adjusting scanning and testing strategies accordingly
• Automate and optimize vulnerability scanning processes where possible

Reporting and Documentation

• Create detailed reports summarizing findings from penetration tests and vulnerability scans, including risk assessments and recommended remediation actions
• Maintain accurate records of all testing activities, including methodologies, tools used, and results
• Evaluation of external bug reports

Working conditions:
— Competitive salary in USD
— The opportunity for professional growth
— Welcoming atmosphere (awesome team of professionals always ready to help)
— Participation in conferences
— Onboarding program

About the project:
Oro, Inc. is a software development company based in the U.S. and focused on open source business applications development. We started seven years ago, in late 2012 and today our team has grown to 150+ players who bring the cutting edge technical expertise in web application and business software development and integration.
As a product company, we focus on the development of Oro suite open source software solutions for multi-channel businesses:

OroPlatform — a business application platform that helps companies accelerate their custom business application development. OroPlatform is used as a baseline for all Oro products.
OroCRM — a CRM solution for multichannel companies, with built-in marketing tools.
OroCommerce — an e-commerce platform purpose-built for B2B companies.