SoftServe Security Team

Additional Info

Job title of nominated professional (or team name)security experts and consultants
Company (where nominated professional or team is working)SoftServe
Websitehttp://www.softserveinc.com/en-us/home/
Company size (employees)4,000
CountryUnited States

Overview

Founded in 1993, SoftServe is a leading technology solutions company specializing in software development and consultancy services. Our experience stretches from Big Data/Analytics, Cloud, Security and UX Design to the Internet of Things, Digital Health and Digital Transformation, we have offices across the globe and development centers across Eastern Europe.
Each security service engagement is led by a group of security experts and architects with multiple security certifications and considerable security experience, including:
• the Open Web Application Security Project (OWASP) membership and chapter leadership
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• Certified Internet Web (CIW) Licenses

In 2014, SoftServe achieved ISO 27001:2013 certification for offices in Bulgaria, Ukraine and USA after extensive audits carried out by Ernst & Young CertifyPoint. The certification was successfully verified by EY CertifyPoint in 2015. “ISO27001 is an important standard which is critical for organisations to manage and protect valuable data and information assets; so we are pleased to have audited SoftServe and to award their certification,” said Jatin Sehgal, Global Practice Leader, EY CertifyPoint.
SoftServe’s Security Consultant Lead, Nazar Tymoshyk http://united.softserveinc.com/members/87/ , is the leader of OWASP Chapter Lviv, and a regular contributor to eSecurity and Virtual Strategy Magazine. In November, 2015 he organized the first OWASP Ukraine Meetup in Lviv, Ukraine (SoftServe’s European HQ).
SoftServe also promotes educational initiatives focused on the Security-related topics. The company regularly holds Security events, such as Security Hole (1-day conference with a couple of speakers, both from SoftServe Security Office and invited presenters). On March 2, 2016 the 18th conference will take place in the company’s European HQ office.
In 2015, SoftServe’s solution won the “Security Solution of the Year” in the 2015 European IT & Software Excellence Awards, Solution Provider category.

Accomplishments

• We believe in comprehensive security and secure SDLC. SoftServe’s Security Experts have been protecting businesses and making life difficult for hackers since 2008. By providing assessment services, security threat modeling, and penetration testing, SoftServe ensures a secure Software Development Lifecycle, and eliminates security vulnerabilities. Assessments are performed by looking deep into an application itself, including code review and legacy technology review, as well as modeling for potential security issues and hidden threats.


• We adopt the best security practices and develop them – then we share them and educate. Apart from the Security team, other SoftServe groups are involved in the process to ensure comprehensive security at all levels: for example, SoftServe R&D Office includes Threat Labs, Software Architecture Group ensures Secure Design, Software Development Office – competence development, Training Management Group – conducts trainings on security. SoftServe’s proprietary well-documented and proven set of Practices, Activities and Tools for achieving solution security goals is called Abiliton Secure SDLC (consists of 6 phases: Preparation, Requirements Assessment & Analysis, Design, Implementation, Verification, and release).


• Hundreds of companies from start-ups to large enterprises trust SoftServe to ensure the security of their Applications, Internet of Things, Enterprise, or even Corporate IT Security Policy:
“The successful delivery of the project in a relatively short amount of time and on budget resulted not only in a clear and concise security analysis and overview, but several GB of log files that help us identify attack vectors. We were able to meet the requirements of our customers, identify areas to improve, as well as obtain patterns that can be analyzed to prevent future exploits,” David Martineau, CTO, ContractPal.