Align Technology is a global medical device company that pioneered the invisible orthodontics market with the introduction of the Invisalign system in 1999. Today, we develop innovative, technology-rich products such as Invisalign system of clear aligner treatments, the iTero scanner services to help dental professionals achieve the clinical results they expect and deliver effective, cutting-edge dental options to their patients.

Team responsibility:

We’re looking for Security QA Engineer who will be responsible for security automation and manual testing activities for backend services, web portals and web applications, which allows iTero scanners end-users to manage patients and track orders statuses.

In our matrix organization, the Security QA Engineer works closely with Information Security Business Analyst, Product Owner and R&D teams (software engineers, HW engineers, SQA) to build and release high quality products.  One of the main tasks will be to integrate security testing with CI/CD approach within cloud infrastructure (AWS).

We are looking for a person with attention to detail and high concern for data accuracy and security assessments. The person who loves to dig into the details, curious by nature.

What we expect from you:

• Passion for application security, willingness to continue growing your skills in this domain
• Analytic way of thinking, ability to systematize information and learn complex things quickly
• Strong interpersonal skills with ability to work both independently and as part of a team
• At least 1 year (desirable 2+ years) of experience in security testing (on frontend, backend, databases levels)
• Understanding of operating systems, networks, and protocols, including TCP\IP stack
• Technical understanding of the OWASP Top 10
• Testing cloud platforms experience
• Understanding of software development life cycle
• Experience with scripting languages such as: Python, bash, Powershell, etc
• Testing Automation experience is a plus
• Experience working with application security testing tools such as: Burpsuite, OWASP ZAP, SQLMap, etc is a plus
• Fluent English (written and spoken)

What will be you responsibilities:

• Create and present security test strategies for set of applications, services, products
• Estimate testing effort for new features
• Conduct testing during releases testing cycles
• Analyze reports from SAST and DAST tools
• Create bug reports in JIRA, validate defect fixes for product security updates
• Update testing reports with test execution results
• Integrate security testing automation into CI/CD
• Provide knowledge sharing sessions on security testing to other team members / teams
• Participate in project releases delivery to production (on demand)
• Ensure the quality and security of not only the code, but also - requirements & processes

We offer:

• Interesting tasks and the opportunity to work on an innovative product in a strong team
• Full medical insurance for employees and their children (including dentistry), life insurance, travel insurance, a doctor available in the office
• 100% paid sick leave
• 28 days of paid vacation per year + 3 additional days
• Lunch allowance
• Sports and ergonomics of the home workplace
• Discounts on Invisalign treatment for employees and their family members
• English courses payment
• Courses/books/conferences for professional development payment
• Comfortable office with gym ("Danilovskaya Manufactory", Tulskaya metro station)
• Remote work for the pandemic period (hybrid format is possible)