Senior Information Security Engineer (Application Security)

What does the team do?

Opportunity is part of the evolving cyber security group which is laser-focused on setting up industry benchmarks in managing & guarding against digital risks in a “Cloud Native - DevOps Only” environment. It is a lean-mean-special action group where every cyber sentinel gets an opportunity to work across domains, has the independence to challenge the status quo & evolve cyber practices to the next level of maturity. Our core competencies revolve around “Product & Platform security” , “Cloud Native Risk Management” and “Detection & Response”.

What you will be doing?

• Conduct Vulnerability Assessments, Penetration Testing, and source code review.
• Automate Technical tasks in CI/CD through the use of APIs or tools.
• Perform application source code security reviews for APIs, middle ware, and frontends in Java, Python, Node.JS, etc.
• Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Web, iOS, Android, and cloud platforms.
• Perform SAST & DAST and improve SDLC.
• Develop solution architecture and blueprints based on business technology and security objectives.
• Research and maintain secure coding guidelines.
• Perform Security Architecture and Low-Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security, and Network Security.
• Collaborate with product teams to build secure products and achieve the cybersecurity objectives of InMobi.
• Maintain an active understanding of industry practices for secure software development and incident response.

What is expected of you?

• Zealous to un-learn & re-learn cyber security practices in a “Cloud Native- DevOps Only” environment.
• 3-6 years experience in application security, penetration testing, DevSecOps.
• 2-3 years of experience in building and managing security gating in Sonarqube
• 2-3 years of experience in manual security code review
• Standardize & maximize automation in the CI/CD pipeline.
• Excellent skills with application security testing tools such as Burpsuite, OWASP ZAP, SQLMap, Kali, etc.
• Experience with scripting languages such as Python, bash, PowerShell, etc.
• Experience in building and deploying opensource security software in production and making it scalable
• Knowledge of Kubernetes and Docker containers.
• Knowledge of OWASP Top 10 and SANS Top 25.
• Red Teamer with proven skills in exploitation.
• Strong understanding of security fundamentals and general security technologies.
• Excellent oral and written communication skills and a good team player.
• Bug bounties, responsible disclosure awards & Hall of Fame are strongly preferred.
• Certifications such as GWAPT, Offensive Security Certified Professional (OSCP), OSCE, or GIAC Penetration Testing (GPEN) are strongly preferred.