Application Security Engineer
- Zagreb, Croatia
- Department: Corporate Security
- Office: Zagreb (Croatia)
At Infobip we dream big. We value creativity, persistence and innovation, passionately believing that it is through teamwork that we can all reach greater heights. Since 2006, we have been innovating at the edge of technological possibilities and are now shaping global communications of the future. Through 60+ offices on six continents, Infobip’s platform is used by almost 70% of the population, making it the largest network of its kind and the only full-stack cloud communication platform (cPaaS) globally. Join us on our mission to create life-changing interactions between humans and online services with new and unseen solutions.
Why is this role important at Infobip?
Every great company’s success starts with having a great product. To write our success story, it is essential that our global, cloud-based products are supported with a stable infrastructure. As a Security Engineer, you will have an impact on security aspects of the infrastructure and full application stack which makes the Infobip platform in multiple environments (dev, staging, production), dealing with challenges of protecting the security posture of a complex multi data-center architecture and continually improving it.
You know you are doing a good job when:
- Tools owned by Security team are managed and maintained to support the Infobip platform SLA.
- Vulnerabilities are detected early and mitigated in a timely manner.
- Help engineering teams by performing security assessments of their products where you identify, quantify and help mitigate security flaws early in all phases of the product development process.
- Work with software development teams and enjoy finding and fixing security bugs.
- Comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement are written.
- Tools to assist in detection, prevention and analysis of security threats are properly implemented and updated regularly.
- You participate and contribute in Incident response and analysis.
More about you:
You possess at least:
- Experience with popular System Virtualization and application containerization.
- Understanding of the OWASP Top 10.
- Ability to perform penetration testing (applications, lateral movement, and network), with focus on Web applications.
- Ability to perform security audit of different internal products.
- Ability to consult other Dev teams, how to fix their code based on found vulnerabilities.
- Ability to assist with code reviews
- Knowledge of CI/CD
- Knowledge to participate in incident response and analysis.
You possess (the more the better):
- Familiar with cloud infrastructure and how to conduct penetration testing activities inside cloud environment, especially AWS/Azure.
- Understanding beyond the OWASP Top 10 by explaining the level of risk to the business.
- Experience in software development/scripting with building & integrating tools, especially by using web APIs to support automatization of security tools.
- Experience in securing a micro-service architecture.
- Can participate in the organization and follow-up of our partner external pentest campaigns.
- You have an ability to adapt fast and like working in a high-paced environment.
- You build positive, lasting relationships with colleagues in the team.
- A degree in Computer Science, IT, Systems Engineering or a related qualification.
- Security certifications, publications, and/or security project contribution is a plus
Why you should consider this opportunity:
- Big and complex infrastructure – When we talk about a large system, we really mean it. We have datacentres all over the world, from Washington to Hong Kong, and they include around 200 physical and 2000+ virtual servers. Be a part of a system that is live 24/7 and generates traffic that measures in millions of messages every minute.
- Never a dull moment – We work with powerful companies with strong impact, which pushes us to work on the highest possible level. Work on uncharted challenges and push boundaries on a daily basis.
- Opportunity Knocks. Often. – Being a part of a growing company in a growing industry – we challenge you not to grow! Lots of opportunities for development; whether it’s horizontal, vertical, or angular, we want to support the path that you want to carve.
- Grow your knowledge – Learn as you go, starting from the internal education and onboarding from your colleagues, to our 3-day Dev conference, e-learning to attending conferences. Knowledge is for sharing, and learning is a path to growth.
- Compensation & Benefits – Competitive salary, travel allowance, expatriate compensation packages for your business trips, rewards and holiday bonuses, team buildings and other organised activities, company library, organised sports, kitchen stocked with the usual suspects... Talk about a balanced lifestyle!