Application Security Analyst (Mid/Senior) - Porto Job Description: Celfocus is a European tech system integrator, providing professional services focused on creating business value through Analytics and Cognitive solutions – addressing Telecommunications, Energy & Utilities, Financial Services and other markets' strategic opportunities. Serving clients in 25+ countries, Celfocus delivers solutions such as accelerating digital network transformation in Autonomous Networks, elevating and monetising business services in B2B2x ecosystems, and providing highly relevant customer experiences through Hyper-personalisation solutions. About the role: Celfocus is looking to add an Application Security Analyst to join our team. As a part of your job, you will: Conduct analysis and threat modeling for new and existing Celfocus products/projects. Analyze and discuss requirements; interact with all participants in the software development process. Perform penetration testing on web applications. Conduct both manual and automated testing. Participate in the creation and development of the company's products at all stages of their life cycle. What are we looking for? A lively and flexible mind, clear logic, a solution-oriented approach. Capability to align with teams from Analysts, Designers, Architects, Developers to DevOps. Knowledge of HTTP. Working knowledge of programming languages. Knowledge of the Top 10 OWASP vulnerabilities: how to find, exploit, and fix them. Knowledge of Burp Suite or other popular web scanners like ZAP, Acunetix, Netsparker, etc. The desire and ability to work in a team. The desire to develop yourself in the field of application security. Knowledge of English at least at the level of reading technical documentation. Nice to have: Good knowledge of Linux or Windows operating systems. Skills in scripting and automating your work using Powershell, Python, Bash, etc. Knowledge of the OWASP Application Security Verification Standard (ASVS), OWASP Testing Guide and experience in whole product or feature planning. An understanding of browser security mechanisms (SOP, cookies, CSP, HSTS, etc.). Familiarity with various protocols and attacks against them (OAuth, JWT, websockets, etc.). Experience with public clouds (Azure, AWS, GCP). Experience with pipeline orchestrators (Jenkins, Azure DevOps, GitLab CI/CD). Penetration testing experience. Personal traits: Ability to adapt to different contexts, teams, and clients. Teamwork skills but also a sense of autonomy. Motivation for international projects and willingness to travel. Willingness to collaborate with other players. Strong communication skills. We want people who like to roll up their sleeves and open their minds. Believe this is you? Come join the team! #J-18808-Ljbffr
