Senior Specialist I - Product Security & Privacy

Job Title

Job Description

This role, embedded in to product development life cycle will ensure- Secured by Design, Privacy by Design and Threat modelling aspects are carried out as part of Secured Software Development Life Cycle. 

Individuals in this role will engage with Architects, Technical leads and R&D Engineering & Development teams to ensure the security and privacy considerations are considered well in advance during the product development cycle. They will review the High-level design, Low-level design and System specification documentation for security consideration and sign them off before the development happens.

They also collaborate with architects to arrive at appropriate security solutions balancing the security risks and the business impact.

This role, embedded in to product development life cycle will ensure- Secured by Design, Privacy by Design and Threat modelling aspects are carried out as part of Secured Software Development Life Cycle. 

Individuals in this role will engage with Architects, Technical leads and R&D Engineering & Development teams to ensure the security and privacy considerations are considered well in advance during the product development cycle. They will review the High-level design, Low-level design and System specification documentation for security consideration and sign them off before the development happens.

They also collaborate with architects to arrive at appropriate security solutions balancing the security risks and the business impact.

Specific job responsibilities include:

• This is individual contributor role. As part of the larger Security and Privacy team, the Application Security Engineer.
• Perform comprehensive Dynamic Application security Testing (DAST)
• Understand and analyses the applications from security point of view.
• Understand the application security risks and Threat modelling of applications.
• Good to have source code review experience.
• Create and execute the corresponding security test cases to verify that the mitigations are properly implemented in the application.
• Able to guide and support development teams to fix the security vulnerabilities in the code.
• Good to know Python coding and Security Automation .

Technical skills and experience:

• Preferred Experience:

• 7 - 12 years of work experience in Application Security Testing
• Understanding and familiarity with common code review methods and standards.
• Experience with static analysis tools (e.g., Git hub advance security, IBM Appscan Source, HP Fortify, Synopsys BlackDuck)
• Experience in Security automation framework development or scripting language is a plus.
• Knowledge of standard Secure Development Life Cycle practices.
• Experience with Kubernetes, Amazon Elastic Kubernetes Service (Amazon EKS) security testing is a plus.
• Research and pilot new services / technologies to support secure software development
• Experience in tools like Burp Suite Pro, HP Webinspect/IBM Appscan/Acunetix and open source tools like burp, OWASP ZAP, CSRF tester etc, Burp Suite
• Experience with Open Web Application Security Project (OWASP) standards, Open Source Security Testing Methodology Manual (OSSTMM) methodologies
• Knowledge in cloud & Big data application security testing
• Sufficient understanding or exposure to testing application on below technology will be helpful
  REST API
  Web Application

• Kubernetes, Amazon Elastic Kubernetes Service (Amazon EKS)
  Encryption
  Data storage for SQL, Oracle etc.
  AWS

Education

• Bachelor  degree in technical stream required ( BE, ME, MS, MCA)

• Degree or concentration in Computer Science, Information Systems, Information Security or similar preferred.

Good to have CEH certification

#LI-PHILIN
#LI-Onsite
#LI-EU