🔥Become a Luxoft employee🔥
Our Benefits:
💰Paid Referrals
💻Equipment: laptop and monitor
🩺Private Medical & Dental care & Life Insurance covered
🏋🏽‍♀️ MyBenefit program (sports card, well-being program, etc.)
🌎 Internal Mobility program - possibility of rotation between projects, locations, accounts
🎓 LuxTalent platform (webinars, training, courses)
...and more!
Project Description:
You will be part of the Neo Dev Support, a global team that enables development teams to deliver business functionality into digital platforms. Working alongside engineers across multiple locations, you will contribute to a high-volume, dynamic platform, ensuring its stability and reliability.
Responsibilities:
- Conduct penetration tests on web, mobile, and API applications, focusing on authentication and entitlements.
- Test identity and access management components (IAM, SSO, OAuth/OIDC, SAML, MFA).
- Identify, document, and prioritize vulnerabilities; work with global engineering teams to remediate them.
- Prepare detailed reports with clear risk assessments and actionable recommendations.
- Automate repetitive testing tasks and integrate security testing into CI/CD pipelines.
- Review infrastructure-as-code (e.g., Terraform) for security issues.
- Participate in red/blue team exercises, threat modeling, and secure code reviews.
- Stay up to date with evolving authentication standards, security technologies, and attack vectors.
Mandatory Skills Description:
- Proven experience in penetration testing for web and API applications.
- Strong understanding of authentication and authorization protocols (OAuth2, OIDC, SAML, MFA, WebAuthn).
- Proficiency with tools such as Burp Suite Pro, OWASP ZAP, nmap, sqlmap, and vulnerability scanners.
- Ability to write custom scripts or exploits (Python, Bash).
- Solid grasp of OWASP Top 10, API Security Top 10, and vulnerabilities like XSS, CSRF, IDOR, and JWT attacks.
- Experience with IAM auditing and entitlement reviews.
- Strong Linux and networking fundamentals (HTTP/S, TLS, cryptography basics).
- Excellent communication skills in English, both written and verbal.
- Ability to collaborate with international development and DevOps teams.
Nice-to-Have Skills Description:
- Experience with cloud platforms (AWS, Azure, or GCP) and related IAM/KMS/HSM components.
- Familiarity with containerization and Kubernetes security.
- Relevant certifications (OSCP, CREST, eCPPT, etc.).
- Experience with Terraform security scanning and SAST/DAST integration in CI/CD pipelines.
- Exposure to red teaming or C2 frameworks.
- Understanding of large-scale distributed systems and token/session management.
- Knowledge of compliance frameworks (ISO 27001, SOC2, GDPR).
- Experience in secure code review and basic understanding of Java or Go.
Languages:
English: B2 Upper Intermediate

