We are seeking an experienced Product Security Engineer II to join our Product Security Engineering team in Bengaluru, reporting to the senior manager of Product Security Engineering. In this role, you will be crucial in leading and ensuring the security and integrity of our applications and systems. You will be responsible for identifying, assessing, and mitigating security risks and implementing robust security measures throughout the software development lifecycle. Your expertise in application security, threat modeling, and penetration testing will be essential in safeguarding our critical systems and protecting sensitive data from potential threats.
You are the ideal candidate if you are highly motivated with a keen interest in staying up to date with the latest technologies and the ever-evolving application threat landscape. You are also passionate about product security and dedicated to maintaining the highest standards.
What you'll do:
- Perform security assessments, application security reviews, and penetration testing for SaaS services and on-prem solutions focused on the DNS/DHCP protocols
- Collaborate with development teams to enforce secure coding practices, guidelines, and standards
- Ensure integration of security requirements and threat modeling considerations into the software development lifecycle. Offer guidance and support during security-related discussions and decision-making processes
- Provide guidance on secure design principles and assist in addressing security issues
- Plan, execute, and analyze application security testing, including penetration testing, vulnerability scanning, and code reviews
- Interpret penetration test results and recommend remediation measures based on identified threats
- Work closely with development teams to design and implement effective security controls like access controls, authentication mechanisms, encryption, and secure communication protocols
- Utilize threat modeling outputs to guide security control selection and implementation
- Keep up-to-date with emerging security threats, vulnerabilities, and best practices in application security and threat modeling
- Educate development teams on secure coding practices, common vulnerabilities, and security best practices
- Conduct security training sessions and workshops to raise awareness of threat modeling concepts and foster a security-conscious culture
What you'll bring:
- Minimum 5 years of experience in vulnerability management and penetration testing
- Strong knowledge of application security principles, threat modeling methodologies, and best practices
- Proficiency in secure coding practices, vulnerability assessment, and penetration testing methodologies
- Strong development knowledge in Shell Scripts, Python or Golang is a major plus
- Familiarity with cloud environments like AWS, GCP, and Azure, and technologies like Kubernetes, containers, etc.
- Familiarity with common web application vulnerabilities (e.g., OWASP Web/API Top 10) and corresponding mitigation techniques
- Experience with implementing and managing security testing tools and technologies, such as static analysis tools, dynamic application scanners, and penetration testing frameworks
- Strong understanding of secure software development lifecycle (SDLC) and ability to integrate security practices and threat modeling into agile development processes with SAST & DAST tools, including Coverity, CodeQL, SonarQube, and Contrast
- Knowledge of authentication, authorization, and access control mechanisms, cryptographic algorithms, and secure network communication protocols
- Familiarity with industry standards and frameworks such as ISO 27001, NIST, PCI DSS, and GDPR
- Excellent communication and collaboration skills, with the ability to effectively communicate technical concepts to non-technical stakeholders
- Relevant certifications such as CISSP, CSSLP, CEH, OSCP, and/or OSWE are a plus
- Good understanding of cyber security frameworks like OWASP, SANS, NIST, CIS, etc.
- MS/M.tech or BS/B.tech in Computer Science or related field, or equivalent work experience required
What success looks like:
After six months, you will:
- Understand the scope of Infoblox products, cloud infrastructure, and SaaS services that require secure code reviews and application security assessments
- Reach proficiency with processes and procedures laid out for the team in delivering best-in-class product security services
- Build knowledge and hands-on experience with cutting-edge technologies
- Understand the team of engineers and the current state
After about a year, you will:
- Be an independent key contributor to the team
- Contribute to the development and implementation of a comprehensive product security framework that encompasses multi-cloud infrastructure and SaaS products and services
- Identify and address potential vulnerabilities and threats in our products and services
- Contribute to promoting a security-conscious culture within the organization, including conducting security awareness campaigns, delivering training sessions, and providing guidance to development teams on secure coding practices and threat modeling