Application Security Engineer (Security Team)
We are Semrush, a global IT company developing our own product – a platform for digital marketers.
Tasks in the role
Work closely with development teams to mitigate security vulnerabilities.
Select, design, and implement security processes and tools for security testing of developed applications.
Implement automated security solutions for delivery processes.
Run monitoring and participate in vulnerability scans.
Stay up to date on security technology trends and best practices.
You will also leverage your security skills to support and manage the Semrush bug bounty program, participate in our product security incident response actions and other operational appsec responsibilities.
Our ideal new team member considers the security landscape holistically, understanding there are many possible approaches and tactics to reduce risks.
Who we are looking for
You have an application security background with a focus on scalable approaches to product security.
You have experience with threat modeling, security design reviews, and security architecture.
You have excellent written and verbal communication skills and are able to translate security objectives to engineering team tasks.
You have experience partnering with cross-functional teams to deliver widely impactful security initiatives.
They say there are no perfect candidates, but that might well be you, if
Participation in bugbounty, HTB, or CTF and the ability to confirm participation with links to the results.
You have experience with Gitlab/Github CI/CD and YAML pipelines.
You know the subtleties, can read source code, and identify vulnerabilities in the code of one or more programming languages (Golang, Java, Python).
Knowledge of one of the programming languages at a level sufficient to automate routine tasks.
You are familiar with the modern web application development process.
A bit about the team
The Semrush Security Team comprises:
Application Security Team
Infrastructure Security Team
Common Flow & Compliance Team
As Semrush continues to grow, so does our necessity to simplify and automate workflows to meet the needs of our internal teams, partners, and external users.
The Semrush Security Team is a strong team, and the famous security researcher Andrey Leonov and other talented guys are with us.
The Application Security Team is working on complex and multi-layer software products, and as a member of AppSec, you will also be able to participate in building secure software development processes. We are not limited to basic workflows like DAST and SAST, we focus our efforts on scalable investments in our engineering ecosystem to identify and drive high-impact security initiatives
We will try to create all the right conditions for you to work and rest comfortably
License for Burp Pro, Metasploit Pro and other hacking tools, as well as help from friendly colleagues.
Access to online platforms HTB, pentesterlab.
You are free to choose a work format. Work in the office or from home if you want. You can mix as well! Freedom is trending now. So are we.
Flexible working day start that would suit a night owl and an early bird alike. You can start between 9:00 am and 12:00 pm.
Private health insurance program. Life insurance.
Agile approach to work (we’ll gladly teach you).
Online English classes.
Training/online courses and workshops/conferences/books to improve your hard and soft skills.
Financial compensation for sports and hobbies (gym/dancing/languages/horseback riding/painting/wakeboard… and many more. It’s really up to you!)
Corporate psychologist consultations. Mental health is as important as physical well-being.
Awesome parties, team building and corporate events in different formats – both online and offline, depending on the current global situation. We can have fun in any case! :)
Finally, a little more about our company
Semrush is a leading online visibility management SaaS platform that enables businesses globally to run search engine optimization, pay-per-click, content, social media and competitive research campaigns and get measurable results from online marketing.
We've been developing our product for 13 years and have been awarded G2's Top 100 Software Products, Global and US Search Awards 2021, Great Place to Work Certification, Deloitte Technology Fast 500 and many more. In March 2021 Semrush went public and started trading on the NYSE with the SEMR ticker.
10,000,000+ users in America, Europe, Asia, and Australia have already tried Semrush, and over 1,000 people around the world are working on its development. The Semrush team is constantly growing.
Our new colleague, we are waiting for you!
Talent Acquisition Specialist