- We are currently seeking a Senior Engineer, Product Security to join our Product Security team, based in Bangalore, Karnataka, India
- The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems
- Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom-developed tools
- Additionally, the ideal candidate will be able to demonstrate exceptional organizational skills, work efficiently under minimal supervision, be able to deliver results that meet or exceed the organization's expectations, be a strong team player, and actively participate in a fast-paced and challenging global environment
- As part of our Product Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, APIs, Mobile Applications and social engineering
- You shall also perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks and recommendations
Key Responsibilities:
- Hands-on experience with OWASP Web and Mobile Top 10 standards, NIST CSF, NIST SP 800, PCI DSS including mitigation of common threats.
- Strong knowledge of OWASP Top 10 web and the ability to effectively communicate methodologies and techniques with development teams
- Execute penetration testing projects using the established methodology, tools and rules of engagements.
- Solid understanding of application security topics such as authentication, authorization, encryption, session management, federation, API security, etc.
- Extensive experience with web and mobile application security tools like code scanners (Checkmarx, Fortify, Snyk, Nexus) and dynamic analysis tools (Burp Suite, ZAP, etc.).
- Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps
- Review application code for security vulnerabilities and practices dangerous to security and privacy
- Convey complex technical security concepts to technical and non-technical audiences including executives
- Mentor junior members of the team and act as a subject matter expert for application security issues.
- Manage integration with manual and automated tools for static and dynamic testing.
- Conduct threat modeling and risk analysis to identify exposure and develop mitigation plans.
- Build security into infrastructure and architecture designs and guide the implementation with the operations team
- Experience with cloud security, particularly for AWS and/or Azure.
- Experience with integrating security into a DevOps culture.
Minimum Qualifications:
- Bachelor's degree/MTech with an emphasis on cyber security.
- Minimum 6 years of experience in Application Security performing Penetration Testing on Web Application, Mobile (Android and iOS) APIs, SAST, SCA, SSDLC. Threat Modeling and Secure design review would be an added advantage.
- 1-2 years of software development with at least 1 year in developing secure systems.
- Experience in one or more of the following modern languages/frameworks - Python, Java, Ruby, Node.js, JavaScript, PHP.
- Basic understanding of DevOps principles and building code pipelines.
- A passion for application security and working knowledge of web application vulnerabilities and mitigations.
- Known for being a great communicator and collaborator with excellent written and verbal communication skills.
- Demonstrable flair for technical writing, including engagement reports, presentations and operating procedures.
- Experience with severity ratings systems, and ability to calculate CVSS ratings for identified vulnerabilities.