Sofia Stars
Sofia Stars is a fast-growing global service provider that guides high-growth businesses to success. Our range of tailored solutions includes R&D, Customer Support, Sales, KYC, Risk, and Anti-Fraud services. We make every connection shine with fresh tech and cultural understanding.
We invite a Senior Application Security Engineer to join our team on-site.
Responsibilities:
- Demonstrated ability to collaborate with other teams to achieve complex objectives.
- Responsible for security architecture design from cloud infrastructure to application through the implementation of "secure by design" principles.
- Collaborate with product managers, architects, and developers on the implementation of the security controls platform ecosystem and products.
- Proof security implementations within infrastructure and application deployment manifests and the CI/CD pipelines.
- Define required policies, controls, and capabilities for the protection of products and environments.
- Build and validate declarative threat models automation.
- Participate in engineering teams’ product planning cycles and committees.
- Oversee the product security aspects for migration of products and services from Data Center to public cloud, e.g., AWS.
- Serve as a trusted cyber security advisor to product and application teams.
We offer excellent benefits, including but not limited to:
- Up to 25 vacation days
- 6 Undocumented Sick Leave Days
- Monthly food vouchers (102 EUR)
- Private Medical Insurance
- Multisport Card
- Birthday, Wedding and Newborn gifts
- Breakfast, Friday lunches, fruits, and snacks in the office
- Monthly company activities and team-building events
- Career growth opportunities.
Grow fast, shine globally
Minimum Requirements:
- Experience integrating security scanning/tooling into the development pipeline.
- Experience in analysing and securing microservices and applications developed using JavaScript and Typescript.
- Experience with CI/CD pipelines (such as Gitlab, Jenkins) and infrastructure-as-a-code models (such as Terraform, Helm, or CloudFormation).
- Hands-on development experience in Python/shell scripting.
- Strong understanding of supply chain security, software integrity, and secure software delivery.
- Experience with Docker and mesh technologies (such as ISTIO).
- Experience with architecture and security reviews, threat modelling, and application risk is highly desired.
- Experience working with Agile methodologies.
- Knowledge of privacy laws and regulations, such as GDPR desired.
- Familiarity with industry regulations, frameworks, and practices. For example, PCI, ISO 27001, NIST, etc.
PREFERRED QUALIFICATIONS:
- In-depth experience with architecting secure services on Kubernetes.
- Extensive experience with architecting secure services on AWS or on-prem data centers.
- Security-related professional certifications e.g., CISSP, CISM, CCSK, CCSP, CEH, are highly desirable.
