Application Security Engineer (Remote Poland)
Nord Security is a leading cybersecurity solutions provider with the product family of five advanced cybersecurity solutions: NordVPN, NordLayer, NordPass, NordLocker, and NordWL. We have one true goal - to give true online privacy and security to as many people as we can. NordVPN - fastest VPN on the planet, built to protect your online traffic and privacy with next-generation encryption Our Risk team’s purpose is to serve our global community by analyzing the risks, business, or security. We evaluate, rank and resolve them, and continue to monitor them afterwards. As our work extends across multiple areas, from business to IT, our team gets the privilege to witness the inner workings of building cybersecurity solutions.
What You Will Do
- Ensure software design security and define secure implementation practices;
- Determine threat models, perform risk analysis and mitigation workshops of any product change that may impact security;
- Show your reverse engineering skills in discovering security bugs in desktop/mobile applications, networking, and crypto components;
- Develop scripts, security automation tools to enhance application security testing processes;
- Perform application security scanning using SAST/DAST tools;
- Ensure mobile/desktop applications are sufficiently tested and support internal and external audits;
- Design and deliver training for security engineering awareness & adoption;
- Actively look for internal security gaps within the product or organization overall.
What We Expect
- Proven experience in mobile/desktop application security assessment planning, testing, methodologies, and vulnerability reporting;
- Proficiency using security scanners, fuzzers, static code analyzers, debuggers, and ability to perform manual security code audit;
- Work with stakeholders to define the scope of security tests and identify remediation actions to address any vulnerabilities identified;
- Knowledge of secure coding practices;
- Ability to quickly assimilate new technologies and tools;
- Sense of ownership with strong problem solving and investigation skills;
- Experience with different OS, e.g., Linux, Android, iOS, macOS, Windows;
- Ability to build and maintain relationships, influence key stakeholders across the business;
- Bonus points for community contributions like public CVEs, bug bounty recognition, open-source tools, blogs, etc.