Актуальные заказы по Security testing

Senior Web Developer - WordPress

We are looking for an experienced Web developer on WordPress. The successful candidate will be responsible for creating websites of the company.


Responsibilities:

  • WordPress websites` creation and development.
  • Integration of WordPress websites with the company's analytics systems / API / Salesforce and other services and testing them before launch.
  •  Creating special effects, animation on the WordPress websites.
  • Working with our SRE team to create and optimise pipelines and deploy processes.
  • Analyse and find optimised technical solutions for tasks` implementation.
  • Estimate time of tasks` implementation.


Skills Required:

  • HTML5, CSS, PHP, JS, jQuery, Ajax, JSON, MySQL
  • WordPress hooks, custom posts/taxonomies/fields, REST API, creating queries using wpdb, etc.
  • Development of custom themes and plugins for WordPress
  • Working with custom JS scripts
  • Compliance with valid layout and cross-browser compatibility, creation of websites with adaptive design
  • Ability to layout (using Figma), flex, grid, layout without using Bootstrap if necessary
  • Experience in optimising/improving WordPress security
  •  Setting up caching, customising themes, WP plugins for maximum performance
  • Optimisation and refinement of projects
  • Experience with Github
  • Experience with Amazon Web Services
  • Knowledge of administration: Shell, Apache, Nginx, MySQL, Cron
  • Code validation and code audit for problem areas
  • At least 3 years of experience working with customised WordPress websites
  • Portfolio: at least 3 customised WordPress sites (mandatory)
  • Intermediate English level (please submit your CV in English)
  • Russian language would be a plus


Nice to have:

  • Experience in performing tasks for SEO requirements
  • Experience in optimising website loading speed
  • Experience with migration plugin from Drupal to WordPress
  • Experience with CI/CD and automated deployments
  • Experience with website testing


Senior Azure DevOps engineer

Удаленно
Full-time

Project in healthcare industry.


Responsibilities

  • Build the automation processes of our Big Data platforms.
  • Install, deploy, configure, maintain and monitor infrastructure, systems, and management tools of our Big Data platforms.
  • Ensure the highest levels of systems and infrastructure availability for our Big Data platforms.
  • Ensure the proper security standards in terms of infrastructure, systems, and processes.
  • Monitor and test application performance for potential bottlenecks, identify possible solutions and work with developers to implement fixes Provide 2nd level support.
  • Liaise with vendors (Azure and Databricks) and other IT personnel for problem resolution.


General Requirements

  • University degree or similar education in Software Engineering or Computer Science.
  • At least 3 years experience in DevOps and/or in using automation to build infrastructure.
  • Fluent English and good communication skills both in verbal and written form.
  • Ability to work in a globally distributed environment.


Technical Skills

  • Understanding of infrastructure automation concepts and good hands-on knowledge of Ansible.
  • Understanding of containerization concepts and strong knowledge of Docker.
  • Good understanding of Versioning Control systems and strong knowledge of Git.
  • Hands-on experience in Linux administration and in Bash scripting.
  • Experience with Jenkins.
  • Proficiency in writing scripts in Python.
  • Understanding of cloud paradigms (IaaS/SaaS/PaaS).
  • Understanding of networking concepts and cybersecurity best practices.
  • Understanding of agile software development process.
  • Accustomed to leverage tools like Confluence and Jira for knowledge and collaboration management.
  • Hands-on experience with MS Azure.
  • Experience with container orchestration and knowledge of Azure Kubernetes.
  • Familiarity with Big Data technologies: Spark/Hadoop, Azure Databricks, Apache Airflow.
  • Understanding of SQL and NoSQL database types, paradigms, and design patterns.

Инженер по информационной безопасности

Удаленно
Full-time

Проект компании, специализирующейся в поисковом продвижении компаний - лидеров рынка.


Обязанности:

  • Аудит инфраструктуры клиентов и используемых сервисов ИБ, анализ полученной информации, подготовка отчетов.
  • Составление плана работ, архитектуры работы сервисов и взаимодействия.
  • Развертывание и настройка продуктов стека Microsoft Security\Compliance, интеграция с инфраструктурой.
  • Оказание консультационной поддержки по сервисам информационной безопасности и помощь в настройке (правил, политик, конфигураций и т.д.)


Требования:

  • Опыт участия в проектах на базе сервисов безопасности компании Microsoft.
  • Знание локальной инфраструктуры Microsoft, в первую очередь AD, SCCM, CA, RMS.
  • Знание и практический опыт интеграции и настройки сервисов из пакета Microsoft 365 c локальной инфраструктурой.
  • Способность свободно вести переговоры и работать с русскоговорящими и англоговорящими заказчиками, знание языка не ниже уровня B2.
  • Знание и практический опыт по настройке, управлению и поддержке стека Microsoft Security\Compliance:
  1. Обязательно знание: Microsoft 365 Defender (Defender for Endpoint, Defender for Office, Defender for Identity, Defender for Cloud Apps); Microsoft Entra.
  2. Желательно знание: Microsoft Defender for Cloud; Microsoft Sentinel; Microsoft Intune; Microsoft Purview.


Обязательно наличие сертификатов: Microsoft 365 Certified: Security Administrator Associate.

Желательно наличие сертификатов: Microsoft Security Operations Analyst; Microsoft Identity and Access Administrator; Microsoft Information Protection Administrator.

Lead Azure DevOps Engineer

Удаленно
Full-time
Проектная занятость

Project: IT service provider for the life science and healthcare industry.


Responsibilities:

  • Managing a distributed team of DevOps engineers and streams within the project
  • Participating in customer meetings, setting objectives, and responding to inquiries
  • Advising on technical aspects of installation, configuration, sizing, and scaling in Azure Cloud
  • Providing new Azure Cloud resources and services via Terraform and/or Azure ARM templates (including Azure Policies and Azure Blueprints)
  • Managing and supporting various environments in Microsoft Azure Cloud
  • Configuring and managing the infrastructure deployed in Azure Cloud
  • Developing and managing the CI/CD process in Azure DevOps for different types of applications, environments, and automation processes
  • Deploying and configuring various data pipelines based on Data Factory, Azure Batch, and Azure Databricks
  • Automating deployment of application code to different environments
  • Managing build assembly, deployment, and configuration, testing implemented solutions.
  • Managing and deploying custom scripts.


What we expect:

  • Deep understanding of Azure Cloud, Azure DevOps/Pipelines
  • Effective team management skills
  • Strong customer negotiation skills
  • Good knowledge of Terraform and/or Azure ARM templates/Blueprints
  • Solid experience with Kubernetes/Docker
  • Knowledge of Azure Virtual Networks, App Services, PostgreSQL, Virtual machines, Data Factory, Batch, Functions (Serverless), Logic Apps
  • Knowledge of Azure Monitor, Security Center, Log Analytics, and App Insights and ability to use them for system monitoring and developer support (logs, traces, RCAs)
  • Experience in creating infrastructure (planning, scaling, monitoring)
  • Upper-Intermediate English or higher.


Разработчик Java/Kotlin

Удаленно
Full-time

Для работы на крупном финансовом проекте требуется Java/Kotlin Developer (Senior).

Мы ищем Java/Kotlin разработчика в команду разработки коробочного решения для предоставления займов (PDL, Installment и т.д), которое будет масштабироваться на многие страны.

Наш технический стек:

  • Java 11+/ Kotlin
  • Spring Framework (MVC, Data, Security, Cloud Stream)
  • PostgresSQL, Redis
  • Kafka, RabbitMQ
  • ELK, Grafana, Prometheus
  • Keycloak
  • Docker, k8s
  • Gitlab CI/CD
  • Temporal


Технологии и подходы в ЕТР

  • Spring 3.0.5 / Kotlin 1.8.0
  • Миграции flyway
  • Документация по апи: spring-doc
  • Для общения с внутренними сервисами feign, для общения с внешними - feign тоже
  • Распределённый трейс
  • Тесты: JUnit 5 + spring test(аккуратно с контекстом)
  • Java 17
  • Общение между сервисами: микс. Для асинхронных взаимодействий используем реббит
  • Используем для скана уязвимостей dependency track
  • DEPLOY
  • gitlab-ci
  • helm + vals + envs (3 среды)
  • Мониторинг: micrometer + graphana + prometheu
  • Keycloak
  • Temporal
  • Logs – graphana


Необходимый опыт:

  • Опыт работы с Spring
  • Работа с SQL БД: блокировки, партицирование, оптимизация миграций, explain, транзакции etc.
  • Опыт работы с брокерами очередей
  • Иметь решения проблем при работе с асинхронностью
  • Профилирование приложений, troubleshooting
  • Контейнеризация приложений и логирование

Нам интересно узнать:

  • Какие архитектурные задачи приходилось решать
  • О подходах к тестированию
  • О микросерсвисной архитектуре



Security GRC (Governance, Risk and Compliance) Specialist

Офис
Удаленно
Full-time
Постоянная работа

Looking for Security GRC (Governance, Risk and Compliance) Specialist.


Job Overview:

The person in this role will be in charge of identifying, reviewing and managing the security Governance, Risk and Compliance internal programs and initiatives, working closely with the Operation Security and Application Security Teams, as well as various internal IT teams.

Additionally, support the IT Security team in on-demand activities by being a facilitator in Initiatives with other IT Teams.


Requirements:

  • 5+ years of relevant experience working in the IT security industry, including 2+ years in GRC, IT Audit, IT risk management, IT Security and/or similar compliance functions.
  • Strong skills in IT Security risk management.
  • Demonstrated experience in data governance framework setup and management activities in an enterprise environment.
  • Experience in the development of company security policies and risk, security or audit frameworks (e.g. ISO 27001, NIST, COSO).
  • Excellent communication skills in both technical and non-technical ways.
  • Fluent in English and in Russian: written, verbal, listening.
  • Attained a Bachelor’s degree in Information Systems, Engineering and related area (5+ years).
  • Attained Сybersecurity certifications such as CISSP, CRISK, Security+, etc is a plus.
  • Experience working as a Program Manager is a plus.
  • Experience working in Fintech, online businesses is a plus.
  • Results-oriented, commitment focused and team player.


What Will You Do:

  • Continue developing, implement and manage the organization IT Security Risk Management framework.
  • Identify, manage and help reduce the IT Security risk across the organization, conduct risk assessment and gap analysis reviews related to information security risk matters.
  • Design, develop, implement and maintain a data governance framework across the company.
  • Manage compliance initiatives.
  • Develop, update, document and implement security policies and controls.
  • Ensure up-to-date and effective Information Security policies, standards and guidelines are in place to address requirements from internal and external.
  • Produce and manage relevant documentation and presentations, including Executive Reports.
  • Conduct internal security assessments/reviews.
  • Support and coordinate internal efforts to support IT compliance assessments and external security audits.
  • Coordinate inputs and craft accurate and effective responses to inquiries on information security matters coming from regulators, auditors, etc.
  • Support company-wide security training and awareness programs to meet training goals.
  • Help in the Implementation of Security tools.
  • Lead/Support Scrum ceremonies such as Refinement, Planning, Retrospectives, and Daily meetings.


Relocation to Montenegro.