Product Security Engineer

Description

• Conduct cloud infrastructure and application vulnerability assessment in an agile cloud development environment using open-source and commercial tools
• Validate and triage identified vulnerabilities and application security defects
• Track remediation efforts of triaged vulnerabilities to their completion
• Contribute to the development and maintenance of vulnerability management tools and CI/CD integrations
• Provide technical documentation to development teams describing vulnerabilities and impact
• Create and maintain documentation as it relates to vulnerability management and penetration testing processes, standards, and recommendations
• Perform penetration testing of web applications, APIs, thick clients, mobile applications, Onprem, and SaaS services following OWASP methodologies
• Research and develop proof of concepts on publicly available exploits for known/0Day vulnerabilities

• 4+ years of years experience in vulnerability management and penetration testing
• Hands-on experience managing:
  • Vulnerability scanning tools 
  • Container and dependency (OSS libraries) scanning tools  
  • Docker and Kubernetes  
  • Security administration in AWS and Azure 
  • CI/CD and DevOps Tooling (Git, Jenkins, CircleCI) 
  • Infrastructure as code tools (Ansible, CloudFormation, Terraform) 
• Experience in agile methodologies with secure software development life-cycle involving SAST & DAST tools (Coverity, CodeQL, SonarQube, Contrast)
• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (reverse proxies, WAF), DNS Security, DoH & DoT
• Experience working with a POSIX system such as Linux or macOS
• Familiarity with Shell Scripts, Python or Golang is a major plus
• Good understanding of cyber security frameworks like OWASP, SANS, NIST, CIS, etc.
• One or more security certifications CEH, CISA, GSEC, OSCP, CISSP, etc.
• Excellent verbal and written communication skills with a strong attention to details
• MS/M.tech or BE/BS/B.tech in Computer Science or related field, or equivalent work experience required

• Understand the scope of Infoblox products, cloud infrastructure, and SaaS services that require vulnerability assessment and penetration testing
• Reach proficiency with process and procedures laid out for the team in delivering best-in-class cyber security services
• Build knowledge and hands-on experience on cutting-edge technologies 
• Understand the team of engineers and the current state

• Be an independent key contributor to the team
• Participate in rotational watchdesk responsibilities as applicable
• Provide recommendations for security posture improvements
• Identify emerging security threats and trends