Senior Application Security Analyst

at  Quadcode

ABOUT THE TEAM

We are Quadcode, a fintech company excelling in financial brokerage activities and delivering advanced financial products to our global clientele. Our flagship product, an internal trading platform, is offered as a Software-as-a-Service (SaaS) solution to other brokers.
Now we are looking for a Senior Application Security Analyst to join our Application Security team, which provides services to ensure the security of in-house developed software, including threat analysis, architectural review, automated scanning, and manual checking.
In this role, you will play a crucial role in safeguarding Quadcode’s digital products by designing and implementing advanced security measures. Working at the forefront of technology, your primary focus will be to identify, assess, and mitigate security vulnerabilities throughout our software development lifecycle. You will work on applications developed in Golang, C++, TypeScript, and JavaScript, ensuring they are protected against potential threats and breaches. This is an exciting opportunity to work in a dynamic environment where you can make a significant impact by implementing the best security practices and collaborating with cross-functional teams.
If you have a strong grasp of security best practices, excel in risk assessment, and thrive in collaborative environments, we invite you to join us in creating secure, innovative solutions that will enhance Quadcode’s security processes.
The team consists of 2 professionals: an Application Security Analyst, and a Team Leader.
We work with Agile and Scrum methodologies, including 2-week sprints, grooming, planning, and retrospectives, as well as the SAFe framework. Our team utilizes Google Meet, Slack, TargetProcess, Wiki, and Confluence for collaboration. We operate in the EET/EEST time zone.

REQUIREMENTS

• 3–5 years of proven experience as an Application Security Analyst or in a similar role within application security;
• 3+ years of experience with software development methodologies and secure coding practices;
• Strong understanding of common application vulnerabilities, attack vectors, and mitigation techniques;
• 2+ years of experience with security standards and frameworks, such as PCI-DSS and GDPR;
• 2+ years of experience with security tools, including SAST, SCA, DAST, and penetration testing tools;
• Proficiency in at least one programming language, such as Python or Go, with a minimum of 2 years of experience;
• English proficiency at B1+ level (ability to read technical documentation and communicate with international teams);
• Fluent in Russian (at least C1 level).

• Work with development teams using a shift-left approach to integrate security best practices into the SDLC;
• Conduct security reviews at the design stage and prior to product deployment for both existing and new services;
• Integrate and maintain security processes and tools (SAST, SCA, DAST) within development pipelines;
• Develop and maintain a security architecture blueprint; Define and uphold information security requirements for products;
• Conduct penetration testing, simulating real-world attack scenarios;
• Manage the Bug Bounty program by processing reports from external researchers and overseeing the remediation of vulnerabilities;
• Lead developer awareness programs to educate teams on common security pitfalls;
• Support AppSec tools and services, and engage in research and development (R&D) for SDLC protection methodologies;
• Conduct security risk assessments and threat modeling for applications.