ABOUT THE TEAM

We are Quadcode, a fintech company excelling in financial brokerage activities and delivering advanced financial products to our global clientele. Our flagship product, an internal trading platform, is offered as a Software-as-a-Service (SaaS) solution to other brokers.
We are currently looking for an Application Security Analyst to join our Security team and play a key role in safeguarding Quadcode’s digital products.
In this position, you will have the opportunity to design and implement cutting-edge security measures, working at the forefront of technology to protect our applications from vulnerabilities and breaches. You will work on applications developed in Golang, C++, TypeScript, and JavaScript, ensuring they are protected against potential threats and breaches.
The team consists of 7 professionals: 3 Information Security Analysts, 2 SOC Analysts, an Application Security Analyst, and a Team Leader.
We work with Agile and Scrum methodologies, including 2-week sprints, grooming, quarter planning, and retrospectives. Our team utilizes Google Meet, Slack, TargetProcess, Wiki, and Confluence for collaboration. We operate in the GMT+3 time zone.
If you have a strong grasp of security best practices, excel in risk assessment, and thrive in collaborative environments, we invite you to join us in creating secure, innovative solutions that will enhance Quadcode’s security processes.

REQUIREMENTS

• Minimum 3 years of proven experience as an Application Security Analyst or in a similar role within application security.
• 3+ years of experience with software development methodologies and secure coding practices.
• Strong understanding of common application vulnerabilities, attack vectors, and mitigation techniques.
• 2+ years of experience with security tools, including SAST, SCA, DAST, and penetration testing tools.
• Proficiency in at least one programming language, such as Python or Go, with 2+ years of experience.
• Strong communication skills, problem-solving, teamwork, attention to detail, adaptability, and project execution skills.
• English proficiency at B1+ level (ability to read technical documentation and communicate with international teams).
• Fluent in Russian (at least C1 level).

• Work with development teams with a “shift-left approach” and integrate security best practices into the SDLC.
• Conduct security reviews at the design stage and prior to product deployment for both existing and new services.
• Integrate and maintain security processes and tools (SAST, SCA, Secret Scanning) into development pipelines.
• Develop and maintain an architecture security blueprint.
• Define and uphold information security requirements for products.
• Conduct penetration testing, simulating real-world attack scenarios.
• Manage the Bug Bounty program by processing reports from external researchers and overseeing vulnerability remediation.
• Conduct developer awareness programs to educate teams about common security pitfalls.
• Support AppSec tools/services and engage in research and development (R&D) for SDLC protection methodologies.
• Conduct Security Risk Assessment and Threat Modelling for applications.