Application Security Engineer
As Kiwi.com has grown with incredible speed, our teams created a lot of microservices. This was a trigger for the creation of the Platform team which then gained some control over those. As the number of services grew, even more, we naturally split into separate squads, one of them being focused on Application Security.
- SDL – to help teams with security decisions and to prevent them from introducing new security flaws without introducing friction.
- Bug Bounty Program – triaging vulnerabilities from the world’s best hackers on our (currently private) HackerOne program.
- Cloud Security – cooperating with our infrastructure squad to secure our Kubernetes and Google Cloud Services with new shiny tools like IAP, Istio or Vault.
- Best Practices – creating secure development practices and programs for our engineering teams and external developers
- Automation – writing tools to help with the automation of tedious security tasks, e.g. helping with security checks in The Zoo or maintain services such as Security Monkey.
- Community – building internal security awareness among developers, making internal security workshops or helping the external community by organizing and speaking on meetups
- Some knowledge of Python or Go
- Be comfortable with Linux
- Understanding of common web security flaws like XSS or SSRF
- Willingness to learn and experiment
- Be able to read this job listing without Google Translate
- What we would like to see
- Curiosity
- CTF or bug bounty experience
- Background in software engineering
- Open source projects or public speaking engagements
- Experience with manual secure code review in JavaScript, Python, Go, Kotlin or Swift
- Experience with GCP, Docker, Kubernetes, Istio or microservices
- Some experience with GitLab CI, DAST, SAST, Burp Suite, dependency or container scanning tools
- Awareness of serverless or GraphQL
- We are a group of passionate developers who like to do stuff the right way.
- We are happy to write open-source code that gives back to the community.
- In the AppSec squad, we mostly spend our free time playing games, playing CTFs or hacking other companies as bug bounty hunters.
- Challenging SDL, as we deploy immediately after a job is completed, not after months of QA.
- Do, fail, learn — repeat! We understand that mistakes happen and we learn fast.
- We decide which cutting-edge technologies are appropriate for the task. This includes Identity Aware Proxy, Istio, Vault or GitLab Ultimate
- We love contributing to Open Source
- We share our practices by writing articles to code.kiwi.com and speaking at conferences and technological events worldwide. For example Our Comprehensive Guide to Python Dependencies
- We code at hackathons and hack at CTF competitions
- We support the local technological community and support the organization of OWASP meetups.
- We use our work time wisely with a friendly vacation policy and work schedule.
- We also like to party and hang out together.
- Dogs, kids, and parties are welcome in our offices.
- Besides a fair salary, we can also look forward to quarterly bonuses dependent on our performance
- We work, play, relax, workout and even nap in our offices (complete with sauna, gym, masseur, sleeping rooms, canteen, chillout zones, free refreshments, etc.)
- We also enjoy standard benefits, such as Sodexo Gastropass for meals and Flexipass for hobbies, sick days, VIP Medical Care, flight vouchers, and a multisport card
- Thanks for reading this far! That probably means you’re really excited about this position, we like that!
- Are you tired of doing security the old way? You have good ideas, but you are not able to bring them to reality in your current company? Would you like to work with cutting edge technologies and you would like to play with it more on company wide level? If answer to any of those question is yes, don’t hesitate and apply today!
What you can actually work on?
What we need from you?
The Platform Team
Why it rocks to be at Kiwi.com?
We offer you
•Besides a motivating salary, we offer quarterly bonuses dependent on the company’s overall results and your own performance.
• The opportunity to join our Phantom Stock scheme (for positions from level 5 upwards).
•We also enjoy benefits, such as meal vouchers, 20+5 days vacation, Cafeteria program, sick days, VIP Medical Care, multisport card.
•Flight vouchers to celebrate your kiwi anniversaries.
•Occasional work from home and/or our modern office located in ZET Nová Zbrojovka where you can enjoy sauna, gym, masseur, sleeping spots, canteen, showers, chillout zones, Rebelbeans coffee, garage spaces.
•Hardware from Apple or Microsoft based on your preferences.
•Relocation package (including visa support).
•We offer unlimited contracts within a forward-thinking and ambitious company.
•Dogs, kids, and parties are welcome in our offices.
•Grow.Kiwi program which supports parents and keeps them engaged with the company.
Interested? Join us and hack the traditional ways of travel!
Kiwi.com is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, uniformed services, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Throughout the recruitment process and for some time after it’s finished, we’re going to process your Personal Data. You can find all the necessary information in our Privacy Policy available at: https://jobs.kiwi.com/recruitment-privacy-policy/.
LocationBrno, Czech Republic
TeamDevs
Employment typeFull-time
