Project description
Join our Development Centre in Bucharest and become a member of our open-minded, progressive and professional team. In this role you will be working for one of our world-famous clients.
The Chief Security Office (CSO) of our client comprises the Chief Information Security Office (CISO) and the Corporate Security unit. The CISO organization guarantees information security for our client.
The role resides inside the Cyber Hygiene Engineering team within CSO. The team is responsible for developing and maintaining security solutions that improve the organization's security posture through automation, cloud security, vulnerability management, and application security.
On top of attractive salary and benefits package, Luxoft will invest into your professional training, and allow you to grow your professional career.
Responsibilities
- As a Cyber Hygiene Security Engineer / Developer, you will design and build security integrations, automation workflows, and scalable solutions that support Cyber Hygiene operations across cloud and application environments. You will work closely with Security, Engineering, and DevSecOps teams to reduce risk and improve remediation effectiveness.
- Develop and maintain security automation and integrations across platforms such as Prisma Cloud, Brinqa, ServiceNow, and ACS solutions.
- Build APIs, dashboards, reporting, and workflow automation to improve security operations.
- Support CSPM, CWPP, vulnerability management, and exposure management capabilities.
- Integrate Application Security Code Scanning (ACS) solutions into SDLC and CI/CD pipelines.
- Collaborate with application and cloud teams to identify, prioritize, and remediate security findings.
- Implement secure-by-design controls and DevSecOps practices.
- Produce technical documentation, standards, and solution designs.
- Support audit, compliance, and regulatory requirements through automated reporting and evidence collection.
SKILLS
Must have
- Engineering & Cloud
- 3-5+ years of experience in Software Engineering, Security Engineering, or DevSecOps.
- Strong programming skills in Python, Java, Go, C#, or JavaScript.
- Experience with REST APIs, microservices, and CI/CD pipelines.
- Hands-on experience with GCP, Azure, or AWS.
- Knowledge of Kubernetes, Docker, Terraform, and cloud-native architectures.
Security
- Experience with vulnerability management and cloud security.
- Familiarity with Prisma Cloud (CSPM/CWPP), Brinqa, Tanium, and ServiceNow.
- Understanding of CVE management, CVSS scoring, and remediation workflows.
Application Security (ACS)
- Experience with Application Security Code Scanning (ACS) solutions.
- Understanding of SAST, DAST, SCA, and secure coding practices.
- Experience reviewing and remediating application security findings.
OWASP Top 10
- Good understanding of OWASP Top 10 security risks and their remediation.
- Experience working with developers to identify and remediate vulnerabilities such as Injection, Broken Access Control, Security Misconfiguration, Vulnerable Components, Authentication Issues, and SSRF.
- Ability to translate security findings into practical remediation guidance for engineering teams.
Preferred Qualifications
- Security certifications (CISSP, CCSP, GCP Security Engineer, CSSLP, Security+).
- Experience in cloud security and regulated enterprise environments.
- Knowledge of DevSecOps and security automation best practices.
Nice to have
• Experience in a multinational environment is a plus