APPLICATION SECURITY ARCHITECT

Since 1993, Netcracker Technology has been developing and implementing unique IT solutions for more than 250 customers worldwide, mostly telecom providers. We create dozens of innovative products and lead the global market of BSS/OSS solutions ready to be used in the cloud environment. Our comprehensive portfolio of software solutions and professional services enables large-scale digital transformations, unlocking the cloud's opportunities, virtualization, and the changing mobile ecosystem.

• We are looking for Application Security Architect to join Netcracker international application security team. The primary role of the person will be in leading of security design and implementation of Netcracker BSS and OSS solutions.
  Netcracker offers access to modern technologies and application security knowledge base, huge team of security, IT and development experts, international implementation programs for lead telecom operators, interesting tasks and permanent professional grow.

Responsibilities:
• Leading security stream on implementation projects
• Analysis of customer’ security requirements, security regulation and standards
• Development of security statement of work
• Review of solution security architecture and business functionality
• Identification and prioritization of security risks in solution architecture and design
• Driving of security controls implementation through all layers of the solution, including access controls, data anonymization, data encryption, security events monitoring, component hardening, and others.
• Managing and coordination of security acceptance program
• Control of security vulnerabilities within the solution
• Interacting with customer in the area of security

Requirements:
• 5+ years of practical experience in application security domain in telecom, banking or e-commerce sectors
• Higher education in the area of IT, Engineering, Security or Mathematics
• Practical experience in security risk analysis, thread modelling, vulnerability analysis and scoring (including attack three concepts, CVSS scoring system, risk analysis frameworks)
• Detailed understanding of authentication, authorization and SSO protocols and specifications (Kerberos, OpenID, OAuth 2.0, SAML)
• Deep knowledge and practical experience in design and implementation of access controls for both user access and system-to-system interaction (following principles of minimum privileges, segregation of duties and accountability)
• Good understanding of cryptographic controls and algorithms, their role, practical implementations, limitations and vulnerabilities
• Practical experience in security configuration of Linux, Docker containers and web servers is a plus
• Knowledge of security regulation and standards, including GDPR, NIST SP 800-53, PCI DSS
• Deep understanding of OWASP top 10 and SANS top 25 vulnerabilities
• Practical skills in development of documentation (architecture diagrams, procedures, presentations)

We offer:

Competitive salary
Medical insurance
More than 300 hard and soft-skills programs by the corporate career development center
Open environment and encouraging knowledge sharing culture
Opportunity to practice foreign languages daily
Flexible working hours and an opportunity to work remotely