Актуальные заказы по Security audit

Senior Web Developer - WordPress

We are looking for an experienced Web developer on WordPress. The successful candidate will be responsible for creating websites of the company.


Responsibilities:

  • WordPress websites` creation and development.
  • Integration of WordPress websites with the company's analytics systems / API / Salesforce and other services and testing them before launch.
  •  Creating special effects, animation on the WordPress websites.
  • Working with our SRE team to create and optimise pipelines and deploy processes.
  • Analyse and find optimised technical solutions for tasks` implementation.
  • Estimate time of tasks` implementation.


Skills Required:

  • HTML5, CSS, PHP, JS, jQuery, Ajax, JSON, MySQL
  • WordPress hooks, custom posts/taxonomies/fields, REST API, creating queries using wpdb, etc.
  • Development of custom themes and plugins for WordPress
  • Working with custom JS scripts
  • Compliance with valid layout and cross-browser compatibility, creation of websites with adaptive design
  • Ability to layout (using Figma), flex, grid, layout without using Bootstrap if necessary
  • Experience in optimising/improving WordPress security
  •  Setting up caching, customising themes, WP plugins for maximum performance
  • Optimisation and refinement of projects
  • Experience with Github
  • Experience with Amazon Web Services
  • Knowledge of administration: Shell, Apache, Nginx, MySQL, Cron
  • Code validation and code audit for problem areas
  • At least 3 years of experience working with customised WordPress websites
  • Portfolio: at least 3 customised WordPress sites (mandatory)
  • Intermediate English level (please submit your CV in English)
  • Russian language would be a plus


Nice to have:

  • Experience in performing tasks for SEO requirements
  • Experience in optimising website loading speed
  • Experience with migration plugin from Drupal to WordPress
  • Experience with CI/CD and automated deployments
  • Experience with website testing


Инженер по информационной безопасности

Удаленно
Full-time

Проект компании, специализирующейся в поисковом продвижении компаний - лидеров рынка.


Обязанности:

  • Аудит инфраструктуры клиентов и используемых сервисов ИБ, анализ полученной информации, подготовка отчетов.
  • Составление плана работ, архитектуры работы сервисов и взаимодействия.
  • Развертывание и настройка продуктов стека Microsoft Security\Compliance, интеграция с инфраструктурой.
  • Оказание консультационной поддержки по сервисам информационной безопасности и помощь в настройке (правил, политик, конфигураций и т.д.)


Требования:

  • Опыт участия в проектах на базе сервисов безопасности компании Microsoft.
  • Знание локальной инфраструктуры Microsoft, в первую очередь AD, SCCM, CA, RMS.
  • Знание и практический опыт интеграции и настройки сервисов из пакета Microsoft 365 c локальной инфраструктурой.
  • Способность свободно вести переговоры и работать с русскоговорящими и англоговорящими заказчиками, знание языка не ниже уровня B2.
  • Знание и практический опыт по настройке, управлению и поддержке стека Microsoft Security\Compliance:
  1. Обязательно знание: Microsoft 365 Defender (Defender for Endpoint, Defender for Office, Defender for Identity, Defender for Cloud Apps); Microsoft Entra.
  2. Желательно знание: Microsoft Defender for Cloud; Microsoft Sentinel; Microsoft Intune; Microsoft Purview.


Обязательно наличие сертификатов: Microsoft 365 Certified: Security Administrator Associate.

Желательно наличие сертификатов: Microsoft Security Operations Analyst; Microsoft Identity and Access Administrator; Microsoft Information Protection Administrator.

Security GRC (Governance, Risk and Compliance) Specialist

Офис
Удаленно
Full-time
Постоянная работа

Looking for Security GRC (Governance, Risk and Compliance) Specialist.


Job Overview:

The person in this role will be in charge of identifying, reviewing and managing the security Governance, Risk and Compliance internal programs and initiatives, working closely with the Operation Security and Application Security Teams, as well as various internal IT teams.

Additionally, support the IT Security team in on-demand activities by being a facilitator in Initiatives with other IT Teams.


Requirements:

  • 5+ years of relevant experience working in the IT security industry, including 2+ years in GRC, IT Audit, IT risk management, IT Security and/or similar compliance functions.
  • Strong skills in IT Security risk management.
  • Demonstrated experience in data governance framework setup and management activities in an enterprise environment.
  • Experience in the development of company security policies and risk, security or audit frameworks (e.g. ISO 27001, NIST, COSO).
  • Excellent communication skills in both technical and non-technical ways.
  • Fluent in English and in Russian: written, verbal, listening.
  • Attained a Bachelor’s degree in Information Systems, Engineering and related area (5+ years).
  • Attained Сybersecurity certifications such as CISSP, CRISK, Security+, etc is a plus.
  • Experience working as a Program Manager is a plus.
  • Experience working in Fintech, online businesses is a plus.
  • Results-oriented, commitment focused and team player.


What Will You Do:

  • Continue developing, implement and manage the organization IT Security Risk Management framework.
  • Identify, manage and help reduce the IT Security risk across the organization, conduct risk assessment and gap analysis reviews related to information security risk matters.
  • Design, develop, implement and maintain a data governance framework across the company.
  • Manage compliance initiatives.
  • Develop, update, document and implement security policies and controls.
  • Ensure up-to-date and effective Information Security policies, standards and guidelines are in place to address requirements from internal and external.
  • Produce and manage relevant documentation and presentations, including Executive Reports.
  • Conduct internal security assessments/reviews.
  • Support and coordinate internal efforts to support IT compliance assessments and external security audits.
  • Coordinate inputs and craft accurate and effective responses to inquiries on information security matters coming from regulators, auditors, etc.
  • Support company-wide security training and awareness programs to meet training goals.
  • Help in the Implementation of Security tools.
  • Lead/Support Scrum ceremonies such as Refinement, Planning, Retrospectives, and Daily meetings.


Relocation to Montenegro.

Lead Java developer

Full-time

Who we are looking for Server software expert (Java 11+, Spring Boot, Maven / Gradle, Junit, Mockito, SQL / ORM)

Certain responsibilities that involve development and deployment of strategic products


5 reasons why you would like to work with us


1. Fintech

Unique domain area that contains lots of interesting tasks.

Real Highload - estimated number of unique users per day is expected to be 5 million people.

Increased requirements for security and fault tolerance of the solution.

We are creating a payment method which means that the Platform we are creating must be available 24/7/365.

At the same time, we are constantly testing new product hypotheses, so we are focused on the "purity" of the solutions created and the internal quality of the code.

2. Real product development

We are developing a product that is very important in daily life of people.

You can tell your mom what you're working on, and she'll not only understand you, but she'll be happy that you're solving real problems of real people.

Each sprint we fulfill a business goal - we actively test business hypotheses.

What you do today will be sold tomorrow by a sales specialist, you will be fully integrated with the business team.

You can influence the product and we need such proactive people. We have a flat structure and open communication.

3. We develop – we launch.

We are engaged not only in development, but also in operation.

We build and develop a mature DevOps process; system engineers are part of our development team.

You will develop the ability to think about how your solution will behave in operation.

4. Mature Scrum process, no “inventing the wheel”

We work with Scrum; we scale Scrum with LeSS.

This means we work in small, long-lived product feature teams.

You will work hand-in-hand with colleagues from other disciplines to get the job delivered.

We practice swarming - we are constantly communicate online with other team members.

Participation in our teams involves T-shaping, you can painlessly and comfortably master related specialties.

You won't be left alone with process issues - we have one scrum master for every three teams.

You will influence the effectiveness of the team, avoiding unnecessary losses, influence the process as a whole.

5. A real startup with all it entails

A unique experience that will be useful to you in the future if you are going to create your own startup.

We go through all phases of development, from finding early followers to launching marketing campaigns.

This is a startup, not an enterprise - minimum bureaucracy, open communications, a culture of errors and security.

International multicultural mature team with average team member age of 30.

How about building together an alternative financial ecosystem in one single country with the potential to scale into Asian markets?

Would you like to digitize oriental bazaars with us?

We are creating a new payment method, an alternative to cash and plastic cards, with our own unique set of financial instruments aimed at ordinary people.


We are looking for

A person who can take responsibility for the quality of the backend code and the efficiency of the backend developers.

A backend development expert (Java 11+, Event Driven Microservices on Spring's stack).


Experience, Competencies and Skills Required

  • Participation in the design of platform components, audit of design solutions offered by other developers
  • Selection of technologies and tools for development and operation, we profess the “you code it you run it” approach
  • Expert leadership of the backend developer community - coaching, implementation of effective development practices, facilitation, design sessions
  • Development of code conventions and responsibility for their implementation by the community of backend developers
  • Identification of problems and wastes in the work of backend developers
  • Collaboration with the Scrum Master service to improve current processes and practices
  • Of course, you will write code, both purely technological parts of the system and product features.


Chief Information Officer

Full-time

A Swiss and EU based FinTech Company with a Mission to bridge cryptocurrencies into traditional financial systems, to enable everyone to utilize the benefits of crypto as an integral asset class in financial management.


Position

Company is searching for an experienced and dedicated CIO (Chief Information Officer) to lead and manage IT Development team (40+ people) and processes. A successful CIO should have in-depth knowledge of the current and up-and-coming trends in the FinTech and Crypto/DLT industry. 

To be successful, you will be highly analytical, and professional, and possess excellent organizational skills. This is the possibility of being a part of an amazing project, working with a highly experienced team and cutting-edge technology.

 

The ideal CIO should engage in the pursuit of company’s international expansion, leading the development of the internal technology strategy for the Company and advising to the business on all matters related to the interface between the IT development department and the rest of the business.


Job Responsibilities

  • Develop goals and strategies to ensure the IT development department:
  1. delivers features planned in the product roadmap
  2. has all security tools, measures, and processes in place;
  3. runs smoothly and effectively.
  • Direct and establish IT-related projects.
  • Monitor changes in the technology sector to discover ways the company can improve and develop.
  • Supervise the networks and computer systems in the company to ensure optimal performance.
  • Plan and direct the implementation of new IT systems.
  • Provide leadership to IT specialists and other staff within the company.
  • Create and adapt technological platforms to improve the client experience.
  • Troubleshoot data-related issues and establish regular maintenance.
  • Auditing existing IT infrastructure and assessing for any security risks
  • Continuously assessing security vulnerabilities, assessing risks and implementing prevention measures and mitigating controls.
  • Developing policies around security incidents and creating an Emergency Response Team to act as and when a security breach is looming or has happened.
  • Monitoring of personal performance of engineers.
  • Leading the hiring process within the department. 


Requirements

  • Experience related to the FinTech industry (Retail Digital Banking, Crypto, Blockchain, Online trading with financial assets);
  • 10+ years of technology experience with at least 5 years in a senior executive role in a combination of IT, information security, and risk management roles;
  • A strong strategic and business mindset;
  • Excellent organizational and leadership skills;
  • Outstanding communication and interpersonal abilities;
  • BSc/BA in computer science, engineering or relevant field; 
  • Solid business knowledge that ties the technology vision to company’s mission, performance, and financial goals;
  • Specific experience in Agile (scaled) software development or other best development practices;
  • Demonstrated ability to interpret technology and market trends;
  • Development of applications for the global market;
  • Software quality management;
  • Ability to work and lead in a fast-changing dynamic environment;
  • Excellent interpersonal, written, and verbal communication skills;
  • Experience with global/international operations;
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, agile, and interdisciplinary teams;
  • Experience with contract and vendor negotiations and management including managed services;
  • Demonstrated ability to develop achievable and inspiring technology objectives and roadmaps;
  • Demonstrated ability to focus organizations on these objectives and roadmaps;
  • Demonstrated ability to collaborate effectively with non-technology oriented employees and partners;
  • Strong analytical skills;
  • Proven experience with the corporate stack of programming languages and technologies, incl: node.js, react/react native, c#, .net.
  • Fluent in English.

Security Architect

Удаленно
Full-time
Постоянная работа

Who are we?

The fintech startup working on the first large-scale e-wallet in region. We aim to provide people with simple and convenient alternative to cash.


Job description

  • Design cloud security architectures and perform architecture design reviews
  • PCI DSS subject matter expert ensuring company’s security architecture is fully PCI compliant
  • Define, prioritize, and measure our efforts in achieving and maintaining public and private cloud security in environments such as AWS working with engineering teams
  • Implement, maintain, and improve existing industry best practices of operational security controls such as:

-Audit mechanisms

-Vulnerability management

-Data classification

-Encryption and data security

  • Continually evaluate new threats in the cloud, to identify the impact on IT and Business to develop and implement security controls
  • Ensure effective coordination between IT Security, Private Cloud, and Infrastructure through collaboration with engineers


Job Requirements

  • Strong foundations in software engineering, specifically at the architectural level
  • Strong foundations in public cloud (Amazon Web Services, Google Cloud Platform, Microsoft Azure)
  • Strong foundations in Kubernetes or Kubernetes like environments (stateless services, auto scaling, pod communication)
  • Knowledge of Infrastructure-as-Code and concepts related to automated infrastructure management using tools such as Terraform
  • Knowledge of cloud security best practices including Identity Access Management (IAM), network security, modern cloud security architecture, and platform specific security and governance tools
  • Knowledge with CSPM platform like Wiz Orca etc
  • Knowledge in Service Mesh Architecture
  • Understanding of the ISO 27001/27002, COBIT, and ITIL frameworks are required