Job Description :
Currently seeking Senior Engineer, Product Security to join our CyberSecurity Security team, based in the India/US. The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems.
Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools. Additionally, the ideal candidate will be able to demonstrate exceptional organizational skills, work efficiently under minimal supervision, be able to deliver results that meet or exceed organization's expectations, be a strong team player, and actively participate in a fast-paced and challenging global environment.
Key Responsibilities:
Review code for security vulnerabilities and practices dangerous to security and privacy.
Write custom rules on automated source code scanning tools
Experience in one or more of the following modern languages/frameworks - Python, Java,React JS, JavaScript
Script (Python,JavaScript,ReactJS,Java) and build automation tools on an ad-hoc basis
Manage security integration into the CI/CD pipeline
Manage integration with manual and automated tools for static and dynamic testing
Develop/Maintain security tools to aid the Vulnerability Management program
Make improvements to the existing security tools and drive the Vulnerability Management initiatives.
Identify areas for automation and tooling to increase code coverage
Build security into infrastructure and architecture designs and guide the implementation with the operations team
Hands-on with AWS and build/deploy/run Python applications in the cloud. Ability to write Lambda functions. (in Python)
Write reports including recommendations, root cause analysis,security summary analysis, and project roadmaps
Establish metrics and reporting to track coverage and effectiveness of security processes
Understand code developed in JS, Node, .NET, Python, PHP, Scala, C/C+, and Ruby
Engage with product and developers to conduct security reviews and define security requirements
Familiarity with NoSQL Queries , DocumentDB, Database activities.
Familiarity with OAuth/OIDC plus(Okta integration)
Familiarity with Deployment Framework Configured with Terraform
Familiarity with AWS Secrets Manager with DB Rotation / Vault with Secrets Rotation
Requirements:
Bachelor's degree in computer science, software engineering or equivalent experience
3 to 5 years of software development with at least 2 years in developing secure systems.
Experience in one or more of the following modern languages/frameworks - Python, Java,React JS, JavaScript
Script (Python,JavaScript,ReactJS,Java) and build automation tools on an ad-hoc basis
Ability to write Lambda functions (in Python)
Proficiency in version control tools like Git.
Ability to write Simple queries
Manage integration with manual and automated tools for static and dynamic testing
Develop/Maintain security tools to aid the Vulnerability Management program
Make improvements to the existing security tools and drive the Vulnerability Management initiatives.
Identify areas for automation and tooling to increase code coverage
Build security into infrastructure and architecture designs and guide the implementation with the operations team
Thorough understanding of DevOps principles and building code pipelines
Experience with cloud security, particularly for AWS and/or Azure Experience with integrating security into a DevOps culture
Understand code developed in JS, Node, .NET, Python, PHP, Scala, C/C+, and Ruby
A strong understanding of modern development processes including agile development
Extensive experience with application security tools like code scanners(Checkmarx,Fortify,Synk, Nexus) and dynamic analysis tools (Burp,Zap etc)
Pen test experience is good to have
Experience with common information security management frameworks like NIST CSF, NIST SP 800,OWASP
Hands-on with AWS and build/deploy/run Python applications in the cloud. Ability to write Lambda functions.
Hands-on experience with OWASP Top 10 standards, including mitigation of common threats like SQL Injection and Cross-Site Scripting etc.
Minimum Qualifications :
3 to 5 years of software development with at least 2 years in developing secure systems.
Experience in one or more of the following modern languages/frameworks - Python, Java,React JS, JavaScript
Script (Python,JavaScript,ReactJS,Java) and build automation tools on an ad-hoc basis
Ability to write Lambda functions (in Python)
Proficiency in version control tools like Git.
Familiarity with JIRA
Understand code developed in JS, Node, .NET, Python, PHP, Scala, C/C+, and Ruby
Hands-on with AWS and build/deploy/run Python applications in the cloud. Ability to write Lambda functions.
Experience with Database activities.Ability to write Simple Queries.
Thorough understanding of DevOps principles and building code pipelines
A passion for application security related problems.Working knowledge of web application vulnerabilities and mitigations.
Hands-on experience with OWASP Top 10 standards, including mitigation of common threats like SQL Injection and Cross-Site Scripting etc.
Additional licensing, certifications preferred :
SANS/ Other Security Certifications
Cloud Certifications
This job is posted with NTS Technology Services Pvt. Ltd.
Job Category:
News Corp is a global, diversified media and information services company focused on creating and distributing authoritative and engaging content to consumers throughout the world. The company comprises businesses across a range of media, including: news and information services, book publishing, digital real estate services, cable network programming in Australia, and pay-tv distribution in Australia.
Headquartered in New York, the activities of News Corp are conducted primarily in the United States, Australia, and the United Kingdom.
