MacPaw is a software company with headquarters in Kyiv, Ukraine, that develops and distributes software for macOS and iOS. At MacPaw, we believe that humans and technology can reach their greatest potential together. Today, our products have more than 30 million users worldwide.
MacPaw is proud to be Ukrainian. The support and development of Ukraine are significant parts of the company’s culture. MacPaw gathers open-minded people who support each other and aspire to change the world around us.
We are seeking a Security Application Engineer to join our Information Security Service team.
You will join a mature team of 5 more specialists and work together to ensure that our software applications are secure and protected against potential threats.
Here are some examples of your future tasks:
- Provide security requirements for new features/products
- Perform application security reviews as per request
- Conduct a security assessment of services/applications of existing security processes and tools
We're searching for a new team member who not only shares our passion for resolving business and security challenges but also knows how to work effectively with all of our products and teams to make a real impact. That’s why excellent communication skills, curiosity, and a great sense of responsibility are essential.
In this role, you will:
- Based on information security strategy, create policies and standards for secure software development process and products protection
- Own and perform application security vulnerability management - support application security reviews, provide threat modeling, including code review and dynamic testing
- Coordinate the bug bounty program by ordering external security tests, selecting relevant independent bug bounty hunters, and coordinating their work in order to discover security vulnerabilities and weaknesses in applications/systems
- Facilitate and support the preparation of security releases
- Support automated security testing to validate that secure coding best practices are being used
- Stay up-to-date with the latest OSS vulnerabilities and trends aimed to maintain MacPaw products highly secure and protected
- Train and consult developers on a security topic
Skills you’ll need to bring:
- At least 3 years of experience in application security
- Familiarity with web application security vulnerabilities and countermeasures, such as OWASP ASVS and OWASP TOP 10
- Hands-on experience with tooling (Burp Suite, OWASP ZAP)
- Experience in threat modeling
- Knowledge of programming languages such as РНР, JS, Python, Swift
- Experience in partnering and making agreements with cross-functional teams
- Strong analytical and problem-solving skills
- Excellent verbal and written communication skills
- At least an Intermediate level of English
- Native (fluent) Ukrainian
As a Plus:
- Hands-on experience with Bug Bounty
What we offer:
- We are a Ukrainian company, and we stand with Ukraine against russian aggression
We maintain workplaces and salaries for the mobilized Macpawians and provide financial support to colleagues or their families affected by the war.
Here you also can read about MacPaw Foundation, which intends to help save the lives of Ukrainian defenders and provide relief to as many civilians as possible.
- Hybrid work model
It’s entirely up to you whether to work remotely or at the hub. If you decide to mix it, our Kyiv headquarters (HQ), which works as a coworking space, is open around the clock. The HQ is supplied with UPS and Starlink for an uninterrupted work process.
We also rent space in the Promprylad Coworking in Ivano-Frankivsk and reimburse the costs of renting a coworking space in any other city.
If you decide to work at home, we cover the costs spent on your workspace organization: portable power stations, power banks, etc.
- Your health always comes first
We cover 100% of your medical insurance costs and 50% for your dependents. We also offer a 50% refund for psychotherapy.
- Flexible working hours
You can choose a schedule that is comfortable for you. No one here tracks your clock in/clock out because MacPaw is built on trust and cooperation.
- Space to grow both professionally and personally
Whatever your dreams and aspirations are, we got you. Education budget, annual development reviews, free English classes, and regular lectures. We also offer personal coaching with organizational coaches.
- Teams we are proud of
We build honest, transparent, and reliable relationships within teams. Every Macpawian can improve processes and implement their ideas. We encourage open and constructive feedback and provide training for Macpawians on giving and receiving feedback.
- HQ designed for people (and pets)
Our headquarters has it all. A spacious workplace with enough room for sitting up, lying down, and running around. A gym for recreation, fitness, and yoga. Cozy kitchens with coffee, snacks, and lunches. Sleeping/meditation rooms. A terrace with a view where we throw summer parties. Also, we have two cats living in the office, and you are welcome to bring your pets to the office (we have separate floors for cats and dogs).
- Time-off policy that covers life’s needs
20 vacation days, unlimited paid sick leaves, xDays (2 days a month to work on side projects), days for personal time-off designed to help you take care of essential matters in your personal life, and parental leaves. On top of all that, sabbaticals are open after 5 years of being with MacPaw.
- Join social initiatives with MacPawCares
MacPaw participates in numerous humanitarian aid and charity projects across many fields, and you are welcome to jump in and spend up to 24 working days per year making the world a better place.