Application Security specialists work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that GitLab products are secure. By leveraging diverse technologies and an automation-first approach, the Security Automation team strives to improve the efficiency, effectiveness, and accuracy of GitLab's Information Security program.
Application Security Responsibilities
Perform vulnerability management and be a subject matter expert (SME) for mitigation approaches
Support and evolve the bug bounty program or internal and external pen tests
Conduct risk evaluation of GitLab product features
Conduct application security reviews, including code review and dynamic testing
Participate in initiatives to holistically address multiple vulnerabilities found in a functional area
Collaborate with product teams to ensure that the GitLab product meets security automation requirements for ourselves and our users
Develop security training and socialize the material with internal development teams
Develop automated security testing to validate that secure coding best practices are being used
Facilitate preparation of both critical and regular security patches and releases
Guide, advise, and assist product development teams as SMEs in the area of application security
Assist with recruiting activities and administrative work
Application Security Requirements
Familiarity with common security libraries, security controls, and common security flaws that apply to Java, .NET and web applications
Some development experience (JS or Python preferred)
Experience with OWASP, static/dynamic analysis, and common exploit tools and methods
An understanding of network and web (Internet security) related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS, and routing protocols)
Familiarity with cloud security controls and best practices
Solid understanding of DevOps and experience with Docker and K8s a plus
About the Company
Digipay is a young startup in the electronic payment field, holding a payment facilitator license, that resulted from the merger of the startup Homapay into the Digikala holding.
Digipay became a member of the Digikala family in 1397 (Solar Hijri). The Digikala group's goal in entering the fintech field was to offer electronic payment services with high stability and the best experience for the customer. Once this goal was defined, the development path for Digipay's services was set.
Company products:
-Smart internet payment gateway (Smart IPG)
-Refund to the customer (Refund)
-Payout from a business wallet (Payout)
-Digipay mobile application
-Smart dashboard (Smart Dashboard)
-Installment purchase wallet