Dear Job Seekers,
Our Client is Hiring for:
Job Title: Senior Engineer
- We are currently seeking Senior Engineer, Product Security to join our Information Security team, based in Bangalore, Karnataka, India. The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems.
- Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools. Additionally, the ideal candidate will be able to demonstrate exceptional organizational skills, work efficiently under minimal supervision, be able to deliver results that meet or exceed organization expectations, be a strong team player, and actively participate in a fast-paced and challenging global environment.
- Key Responsibilities: Review code for security vulnerabilities and practices dangerous to security and privacy. Write custom rules on automated source code scanning tools Script (Python, Perl, Ruby,Java) and build automation tools on an ad-hoc basis Manage security integration into the CI/CD pipeline
- Manage integration with manual and automated tools for static and dynamic testing Identify areas for automation and tooling to increase code coverage Build security into infrastructure and architecture designs and guide the implementation with the operations team
- Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps Establish metrics and reporting to track coverage and effectiveness of security processes Engage with product and developers to conduct security reviews and define security requirements
- Mentor junior members of the team and act as a subject matter expert for application security issues Conduct threat modelling and risk analysis to identify exposure and develop mitigation plans
- Requirements: Bachelor degree in computer science, software engineering or equivalent experience 3 to 5 years of software development with at least 2 years in developing secure systems.
- Thorough understanding of DevOps principles and building code pipelines Experience with cloud security, particularly for AWS and/or Azure Experience with integrating security into a DevOps culture
- A strong understanding of modern development processes including agile development Solid understanding of application security topics such as authn, authz, encryption, session management, federation
- Extensive experience with application security tools like code scanners (Checkmarx,Fortify,Synk, Nexus) and dynamic analysis tools (Burp,Zap etc)
- Experience with common information security management frameworks like NIST CSF, NIST SP 800,OWASP
- Hands-on with AWS and how to deploy/run Python applications in the cloud.
- Hands-on experience with OWASP Top 10 standards, including mitigation of common threats like SQL Injection and Cross-Site Scripting etc.
Experience: 3-5 years
Salary: As per the Company Standards