Application Security Engineer

We are TINQIN. TINQIN is a company focused on developing and delivering a wide range of innovative solutions mainly for the insurance industry. Our clients are some of the largest insurance companies operating on the European market. They rely on us for developing software, web design, business analysis, prototyping, product testing, and maintenance. That’s why we always aim to be at the top of our game while using the latest technologies to provide added value.

Day to day activities and responsibilities:

· Perform thorough security assessments, including penetration testing, vulnerability assessments, and architecture security assessment, using industry-standard methodologies and tools.

· Identify, assess, and prioritize potential security vulnerabilities and risks in web applications and propose appropriate countermeasures.

· Stay up-to-date with the latest application security trends, vulnerabilities, and technologies, actively participating in knowledge sharing and continuous learning.

· Investigate and respond to security incidents, conducting root cause analysis, and providing recommendations for mitigation.

· Work and collaborate with cross-functional teams (SOC, DevOps, Software Engineers… ) and customers.

· Validate external penetration test results and work with internal and external stakeholders.

· Perform security tests for Web applications.

· Work with the engineering and security teams to provide actionable reporting, find and explain security issues, suggest mitigations, and determine when issues are mitigated.

· Assist in creating and updating Application Security procedures, policy, standards and guidelines.

· Train, coach and mentor other members of the team.

· Provide advice to different stakeholders regarding security issues through the whole development process.

Requirements

Minimum of 2 years of relevant cybersecurity experience.

· Experience of handling security incidents such as web application attacks, phishing, vendor supply chain incidents, malware and ransomware, emergency vulnerability management and compromised accounts.

· Ability to manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur.

· Understanding of software security architecture and design

· Experience or strong interest in web application security testing and pentesting.

· Experience with security assessment tools, such as DAST tools and vulnerability scanners.

· Good understanding of cloud environments, containerization and micro-servicing.

· Good command of English language, both written and spoken.

· Analytical thinking and problem-solving skills.

· Good communication skills.

· High degree of initiative and ability to work with little supervision.

· Enthusiastic about the security industry and driven to continue learning and developing new skills.

· Ability to interact with stakeholders to explain security vulnerabilities.

Advantages:

·Ability to develop scripts for automation and simplifying data parsing and collection will be considered as an advantage.

· Any relevant certification (such as OSCP, CISSP, CISA, eWAPT, CEH) is a plus.

· Experience with Python will be considered as an advantage

Benefits

• Competitive remuneration package;
• Dynamic and interesting work environment;
• Opportunity to use cutting-edge technologies in real projects;
• Collaboration with highly skilled and friendly colleagues;
• Opportunity to learn and enhance your skills;
• Additional corporate trainings, tech conferences tickets;
• Annual employees performance check and reevaluation;
• Team-building events;
• Participation in charity and volunteer activities;
• Life-work balance;
• Social benefits – a monthly budget that includes:

1. Additional health insurance – Luxury package;
2. “Health with priority” medical insurance covering severe diseases;
3. Employee Assistance Program, including psychological, finance, and legal advice;
4. Flexible social benefits (food vouchers, fuel vouchers, sport card, and other options);

• Extra days off for loyal employees (+1 additional day paid leave for each year of length of service in TINQIN (up to 5));
• Office perks (coffee, soft drinks, fresh fruits, ice cream, sports, and relaxation area);
• Remote/hybrid working model (employees can choose whether to work from the office or home);
• Flexible working hours;
• Referral program bonuses

If you believe that your profile meets the above requirements and you are interested in joining our team, please apply with your CV in English.

All applications will be treated with strict confidentiality. Only short listed candidates will be contacted.

The personal data you provide to us is processed by “TINQIN” AD ( acting as the Data Controller). This data is shared to and processed by the employees of TINQIN for the purposes of reviewing job applications, which is necessary in order to take steps prior into entering a contract with you. 

The retention period for your data is 6 months unless you provide us with a consent to keep them longer.  If you agree to store your data in our records longer than 6 months and to consider your CV for other openings as well, please fill the consent form: https://forms.office.com/e/CVZZmj9CzD?origin=lprLink 

You have the right to obtain information about the processing of your personal data at any time.  
More detailed information about the process can be found at Policy on the processing of personal data of job candidates - TINQIN » Insurance software solutions. 

In addition, you have the right to correct, to block and to delete it in accordance with the legal regulations. To enforce your rights, you only need to contact our DPO : dpo@tinqin.com.  

Remark: If you request to block or to delete your data, your application can no longer be considered.