Select your current position

Pick a role and level — we'll show the growth path, skills and gap analysis.

Development path

Junior

0-2 years

Current

Responsibility: Выполнение задач под руководством старших коллег. Изучение кодовой базы, стандартов и процессов команды. Написание кода по спецификациям, исправление простых багов, написание тестов.

Key skills:

E2E Testing Need
Property-Based Testing Need
Security Testing Need
TDD & BDD Need
Unit Testing Need
Integration Testing Need
Load Testing Need
Test Pyramid & Strategy Need
Test Data Management Need
Test Environment Management Need

Middle

2-5 years

Next

Responsibility: Самостоятельная разработка фич от декомпозиции до деплоя. Участие в code review. Оптимизация производительности. Менторинг junior-разработчиков. Участие в архитектурных обсуждениях.

Key skills:

E2E Testing Need
Property-Based Testing Need
Security Testing Need
TDD & BDD Need
Unit Testing Need
Integration Testing Need
Load Testing Need
Test Pyramid & Strategy Need
Test Data Management Need
Test Environment Management Need

Senior

5-8 years

Responsibility: Проектирование архитектуры компонентов и сервисов. Решение сложных технических проблем. Ведение технического долга. Code review как gatekeeper качества. Менторинг middle-разработчиков. Выбор технологий для новых задач.

Key skills:

Code Review Need
Docker Need
E2E Testing Need
ELK Stack Need
GDPR / 152-FZ Compliance Need
Git Advanced Need
GitHub Actions / GitLab CI Need
GitHub Copilot Need
JWT / OAuth2 / OIDC Need
OWASP & Application Security Need
PCI DSS Need
Prometheus & Grafana Need
Property-Based Testing Need
RBAC / ABAC Authorization Need
REST API Design Need
SAST/DAST Need
Security Testing Need
TDD & BDD Need
Unit Testing Need
Algorithms & Complexity Need
Kubernetes Security Need
Cloud Security Need
Documentation as Code Need
Integration Testing Need
Code Quality & Refactoring Need
Threat Modeling Need
Load Testing Need
Secure Coding Practices Need
OOP & SOLID Principles Need
Incident Response Process Need
Network Security Need
Container Security Scanning Need
Dependency Vulnerability Scanning Need
Structured Logging Need
Data Structures Need
API Testing Need
Test Pyramid & Strategy Need
Test Data Management Need
Test Environment Management Need
Vulnerability Management Need

Lead / Staff

7-12 years

Responsibility: Техническое лидерство команды или направления. Проектирование системной архитектуры. Координация с другими командами. Формирование стандартов и best practices. Участие в найме. Планирование технического roadmap.

Key skills:

Code Review Need
Docker Need
E2E Testing Need
ELK Stack Need
GDPR / 152-FZ Compliance Need
Git Advanced Need
GitHub Actions / GitLab CI Need
GitHub Copilot Need
JWT / OAuth2 / OIDC Need
OWASP & Application Security Need
PCI DSS Need
Prometheus & Grafana Need
Property-Based Testing Need
RBAC / ABAC Authorization Need
REST API Design Need
SAST/DAST Need
Security Testing Need
TDD & BDD Need
Unit Testing Need
Algorithms & Complexity Need
Kubernetes Security Need
Cloud Security Need
Documentation as Code Need
Integration Testing Need
Code Quality & Refactoring Need
Threat Modeling Need
Load Testing Need
Secure Coding Practices Need
OOP & SOLID Principles Need
Incident Response Process Need
Network Security Need
Container Security Scanning Need
Dependency Vulnerability Scanning Need
Structured Logging Need
Data Structures Need
API Testing Need
Test Pyramid & Strategy Need
Test Data Management Need
Test Environment Management Need
Vulnerability Management Need

Principal

10+ years

Responsibility: Техническая стратегия на уровне компании или домена. Кросс-организационное влияние. Решение системных проблем бизнеса через технологии. Менторинг lead-инженеров. Публичное представление компании.

Key skills:

Code Review Need
Docker Need
E2E Testing Need
ELK Stack Need
GDPR / 152-FZ Compliance Need
Git Advanced Need
GitHub Actions / GitLab CI Need
GitHub Copilot Need
JWT / OAuth2 / OIDC Need
OWASP & Application Security Need
PCI DSS Need
Prometheus & Grafana Need
Property-Based Testing Need
RBAC / ABAC Authorization Need
REST API Design Need
SAST/DAST Need
Security Testing Need
TDD & BDD Need
Unit Testing Need
Algorithms & Complexity Need
Kubernetes Security Need
Cloud Security Need
Documentation as Code Need
Integration Testing Need
Code Quality & Refactoring Need
Threat Modeling Need
Load Testing Need
Secure Coding Practices Need
OOP & SOLID Principles Need
Incident Response Process Need
Network Security Need
Container Security Scanning Need
Dependency Vulnerability Scanning Need
Structured Logging Need
Data Structures Need
API Testing Need
Test Pyramid & Strategy Need
Test Data Management Need
Test Environment Management Need
Vulnerability Management Need

Gap analysis: skills to develop

To reach the next level you'll need to develop:

E2E Testing

Writes E2E security tests: login/logout flows, session hijacking prevention, CSRF protection, file upload security. Uses Selenium/Playwright with security focus.

Property-Based Testing

Applies property-based testing for security: random input generation for fuzzing, invariant checking for authorization rules. Uses Hypothesis/QuickCheck for security properties.

Security Testing

Conducts security testing: OWASP Top 10 verification, vulnerability scanning (ZAP/Burp), dependency checking (Snyk). Documents findings with reproducible steps.

TDD & BDD

Applies BDD for security requirements: Gherkin scenarios for authentication, authorization rules, compliance requirements. TDD for security utility functions.

Unit Testing

Writes unit tests for security code: input validation functions, encoding/escaping, cryptographic helpers. Tests edge cases and boundary values.

Integration Testing

Writes integration tests for security: authentication flows, authorization checks across services, session management. Tests security middleware and filters.

Load Testing

Conducts security load testing: DDoS simulation, brute-force resistance testing, rate limiting verification. Uses k6/Locust for security load tests.

Test Pyramid & Strategy

Applies test pyramid for security: unit tests for validation functions, integration for auth flows, E2E for critical security paths. Balances coverage and speed.

Test Data Management

Manages test data for security: sanitized production data, synthetic PII generation, credential management for test environments. Ensures compliance in test data.

Test Environment Management

Manages security test environments: isolated environments for penetration testing, sandboxed environments for malware analysis. Configures network isolation.