Security Analyst / Penetration Tester in DataArt

## About the vacancy DataArt is a global software engineering firm. With over 20 years of experience, teams of highly-trained engineers around the world, deep industry sector knowledge, and ongoing technology research, we help clients create custom software that improves their operations and opens new markets. DataArt started out as a company of friends and has a special culture that distinguishes it from other IT outsourcers, such as: — Flat structure. There are no “bosses” and “subordinates”. — We hire people not to a project, but to the company. If the project (or your work in it) is over, you go to another project or to a paid “Idle”. — Flexible schedule, ability to change projects, to work from home, to try yourself in different roles. — Minimal bureaucracy and micromanagement, convenient corporate services. ## Responsibilities * Analyzing security threats (applications and network infrastructure in general) to detect and eliminate potential vulnerabilities * Penetration testing using white/black box methodologies (including analysis of the application’s source code) * Informing clients about discovered vulnerabilities by creating detailed reports (including a description of possible risks and recommendations on fixing vulnerabilities) * Supporting the process of fixing vulnerabilities and participating in the development of control mechanisms for creating secure code * Continuous communication with the client to clarify the necessary details and tasks * Actively participating in all areas of the company's security department (researching new vulnerabilities, developing auxiliary programs, participating in conferences, etc.). ## Must have * 2+ years of experience in IT * At least a yeasr of experience in information security (penetration tester, security analyst, etc.) * Solid understanding of the existing types of vulnerabilities and security threats * Familiarity with any existing penetration testing methodology (OWASP, WASC, OSSTMM, etc.) * Experience with specialized tools for manual and automated penetration testing (BurpSuite, ZAP, Sqlmap, Nmap, Metasploit, Nessus/OpenVAS, Wireshark, etc.) * Experience in developing your own auxiliary programs in any programming language * Familiarity with various technologies and architectures (Linux, Windows, Cisco, Active Directory, Java, .NET, etc.) * High level of motivation to work and develop professionally in software security * Good spoken English. ## Would be a plus * Knowledge of cryptography * Knowledge of the basics of databases and skills in working with a DBMS (one of: MSSQL, Oracle, MySQL, PostgreSQL, etc.) * Experience in reverse engineering and source code analysis * Familiarity with security standards (PCI DSS, ISO27000, OWASP TOP 10, etc.) * Experience in writing specialized articles and participating in conferences