Application Security Engineer II

8 Months ago • 2-3 Years • Cyber Security

Job Summary

Job Description

Zeta is seeking an Application Security Engineer II to join their Risk & Compliance Team. The role involves securing mobile and web applications, along with APIs, through penetration testing and educating development and DevOps teams on remediation. Responsibilities include performing regular vulnerability assessments and penetration tests, guiding developers on fixing security issues, conducting code reviews, participating in application design discussions, and performing threat modeling. The engineer will also develop secure coding practices, build security standards, and integrate security testing tools into CI/CD pipelines. This is an individual contributor role focused on ensuring the security of Zeta's products.
Must have:
  • Hands-on VA/PT experience in Web, Mobile, API & Network
  • Thorough understanding of OWASP Top 10
  • Exposure to Secure SDLC, Threat Modelling
  • Experience with security tools (Burpsuite, OWASP ZAP)
  • Solid understanding of Cryptography, PKI, TLS
  • Understanding of AuthN/AuthZ frameworks
  • Experience with SAST tools (Snyk, Veracode)
  • Experience reversing mobile applications
  • Execute penetration tests on networks, OS, cloud
  • Shell scripting or Python/Ruby automation
  • Knowledge of security standards (PCI DSS, GDPR)
  • Understanding of Java Frameworks (Springboot)
  • Experience in bug bounty programs
Good to have:
  • Knowledge of PA-DSS, PCI SSF
  • In-depth understanding of production operations on public cloud
  • Experience in conducting hackathons and CTFs
  • Knowledge of AWS/Azure, Dockers & Containers
  • Good understanding of agile development practices
  • Certifications like OSCP, GWAPT
  • Knowledge of Databases (Postgresql, MySQL)
  • Knowledge of data stores (Elasticsearch, S3 buckets)

Job Details

About Zeta

Zeta is a Next-Gen Banking Tech company that empowers banks and fintechs to launch banking products for the future. It was founded by Bhavin Turakhia and Ramki Gaddipati in 2015.
Our flagship processing platform - Zeta Tachyon - is the industry’s first modern, cloud-native, and fully API-enabled stack that brings together issuance, processing, lending, core banking, fraud & risk, and many more capabilities as a single-vendor stack. 20M+ cards have been issued on our platform globally.
Zeta is actively working with the largest Banks and Fintechs in multiple global markets transforming customer experience for multi-million card portfolios.
Zeta has over 1700+ employees - with over 70% roles in R&D - across locations in the US, EMEA, and Asia. We raised $280 million at a $1.5 billion valuation from Softbank, Mastercard, and other investors in 2021.

About the Role

    • This role is part of the RIsk & Compliance Team, Engineering division of Zeta. The Application Security Engineer is responsible to secure all mobile & web applications along with API’s by breaking and hacking them and educating Developers as well as DevOps teams on how to fix them. The objective is to make zeta applications and platforms secure. As Application Security Engineer of the Product Security sub-division, you will be responsible for securing all the Zeta’s Products. You will be working as an individual contributor reporting to a manager. 
    • Perform regular VA/PT for Web & Mobile applications, API & Infrastructure
    • Guide developers in fixing security issues.
    • Regular code reviews
    • Involve in application design discussions.
    • Perform Threat Modelling of Web/Mobile applications.
    • Develop secure code practices and educate dev and QA engineers by building security standards, policies for secure coding, secure data handling, secure networking, secure crypto implementation, etc.
    • Evaluate & Integrate security testing tools (SAST, DAST,SCA) in to CI/CD pipelines.

Responsibilities

    • Guide the technology organization's security and privacy initiatives by participating in design reviews and threat modeling.
    • The applications are developed by the developers and product managers, and you will make sure the applications are secured and hardened.
    • You will define the scope and ensure continuous adherence to the scope of projects at each phase (initiation to sustenance/maintenance phase).
    • You will be responsible for creating visibility, and adoption of the projects meant for internal customers.
    • Act as a security engineering expert and technical champion within Zeta.
    • Assess gaps, and tools to improve application security
    • Liasioning with all external and internal stakeholders for the team.
    • Mentoring developers and QA.
    • Evaluate bugs reported through the Bug Bounty program.
    • Run security posture of various applications across BU’s.
    • Continuous improvement of web/mobile application security
    • Quarterly VA/PT (internal/external, authenticate/non-authenticated) for mobile/web.
    • Secure configuration of Web/Mobile application, DB, Data etc.

Skills

    • Hands on VA/PT experience in Web, Mobile, API & Network
    • Thorough understanding of OWASP Top 10, their attack & defence mechanisms
    • Exposure to Secure SDLC Activities, Threat Modelling & Secure Coding
    • Experience on both commercial and open source tools like Burpsuite, AppScan, OWASP ZAP, BEEF, MetaSploit, Qualys, Nessus, Synk etc.
    • Identifying & exploiting business logic-related vulnerabilities.
    • Solid understanding of Cryptography, knowledge of PKI-based systems, TLS
    • Understanding of different AuthN/AuthZ frameworks (OIDC, oAuth, SAML) able to read/write/understand java code
    • Performed Static Analysis, Code reviews using tools like Snyk, Veracode, Checkmarx, Sonarqube etc.
    • Hands on Reversing mobile applications, class/small files, data obfuscators, or ciphers (Dex2jar, adb, Drozer, Clang, iMAS) and Dynamic Instrumentation tools like Frida/Objection
    • Execute penetration tests and security assessments on internal and external networks, Windows and Linux environments, cloud (AWS) Infrastructure.
    • Identify and exploit incorrect configurations and security vulnerabilities on Windows and Linux servers. Safely utilize tools, tactics, and procedures used in penetration testing engagements.
    • Shell scripting or automation of simple tasks using Python, or Ruby
    • Knowledge of PA-DSS, PCI SSF (S3, SSLC) etc.
    • Knowledge of security standards like PCI DSS, UIDAI, GDPR, NIST etc.
    • Understanding of Java Frameworks like Springboot, CI/CD, Jenkins.
    • In-depth understanding of production operations on public cloud infrastructure.
    • Excellent written and oral communication and a penchant for technical documentation.
    • Must have participated in various bug bounty programs (HackerOne, Bug Crowd, Private etc)
    • Experience in conducting hackathons and CTF’s
    • Knowledge of AWS/Azure (VPC/Vnet, S3 buckets, blob stores, LoadBalancers etc.), Dockers & Containers, Kubernetes
    • Good understanding of agile development practices.
    • Certifications like OSCP(Preferred), GWAPT, Advanced Web Attacks and Exploitation (AWAE), Comptia Security+
    • Knowledge of Databases - Postgresql, Redshift, My SQL etc. and other data stores like Elasticsearch and S3 buckets.

Experience and Qualifications

    • 2+ years of experience in developing large scale internet or SaaS applications.
    • 2 to 3 years of overall experience as Web/Mobile Application Security engineer or Developer in medium to large-sized product companies. · Bachelor of Technology (BE/B.Tech), M.Tech or ME in Computer Science or equivalent from a Tier-1 engineering college/university
Equal Opportunity

Zeta is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all backgrounds, cultures, and communities to apply and believe that a diverse workforce is key to our success

Similar Jobs

klass - Chief Revenue Officer

klass

Toronto, Ontario, Canada (Hybrid)
2 Months ago
Diligent Corporation - Account Executive II

Diligent Corporation

Sydney, New South Wales, Australia (Hybrid)
1 Month ago
Toast - Field Customer Success Manager II, SMB

Toast

San Antonio, Texas, United States (On-Site)
1 Month ago
Trend Micro - (Sr.) Cloud Developer (Vision One)

Trend Micro

Taipei City, Taiwan (On-Site)
9 Months ago
Toast - Senior Associate, Corporate Finance & Strategy

Toast

Boston, Massachusetts, United States (Hybrid)
2 Weeks ago
PwC - Cyber Security Architect

PwC

Amsterdam, North Holland, Netherlands (On-Site)
6 Months ago
PayPal - Manager, Cybersecurity Risk

PayPal

San Jose, California, United States (On-Site)
5 Days ago
Jane Street - Cybersecurity Engineering - Threat Modelling

Jane Street

London, England, United Kingdom (On-Site)
2 Months ago
Sword Health - Security Engineer (Cloud)

Sword Health

Portugal (Remote)
4 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

MiQ - Sales Enablement Associate/Specialist

MiQ

Beijing, China (On-Site)
2 Months ago
Aera Technology - Client Partner

Aera Technology

San Francisco, California, United States (Hybrid)
6 Months ago
Instrumental - Sales Development Representative

Instrumental

(Remote)
7 Months ago
Thumbtack - Senior IT Systems Engineer

Thumbtack

Philippines (Remote)
2 Weeks ago
entrata - Copywriter

entrata

Lehi, Utah, United States (Hybrid)
1 Week ago
Penumbrainc - Sr Manager Cybersecurity

Penumbrainc

Alameda, California, United States (On-Site)
9 Months ago
WebFX - AI Digital Marketing Specialist

WebFX

Philippines (Remote)
1 Month ago
Toast - Director of Engineering, Fintech

Toast

Dublin, County Dublin, Ireland (Hybrid)
1 Month ago
CyberArk - Senior Site Reliability Engineer

CyberArk

United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Jobs in Bengaluru, Karnataka, India

Capgemini - Test Manager

Capgemini

Chennai, Tamil Nadu, India (On-Site)
2 Months ago
Capgemini - ANAPLAN Consultant

Capgemini

India (On-Site)
1 Month ago
Qualcomm - Camera Driver Developer

Qualcomm

Hyderabad, Telangana, India (On-Site)
2 Months ago
Buckman - Senior Digital Innovation Engineer - Data Science

Buckman

Chennai, Tamil Nadu, India (On-Site)
3 Weeks ago
After zvfx studios - Social Media Manager

After zvfx studios

India (On-Site)
2 Months ago
Zypp Electric - Social Media Manager

Zypp Electric

Gurugram, Haryana, India (On-Site)
1 Year ago
Outscal - Youtube Content Creator

Outscal

Delhi, India (On-Site)
8 Months ago
Marvell - Staff engineer (Baseband PHY & SoC Validation)

Marvell

Bengaluru, Karnataka, India (On-Site)
1 Month ago
Capgemini - Power Platform Developer

Capgemini

Gurugram, Haryana, India (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

bytedance - Software Engineer Intern (Privacy & Security - Global Payment)

bytedance

San Jose, California, United States (On-Site)
4 Months ago
SpecterOps - Defensive Security Analyst

SpecterOps

France (Remote)
1 Week ago
binance - Web3 Security Senior Software Engineer

binance

Taipei City, Taiwan (Remote)
7 Months ago
Scale AI - Security Engineer (Infrastructure)

Scale AI

Washington, District Of Columbia, United States (On-Site)
2 Months ago
Razer - Information Security Analyst

Razer

Shah Alam, Selangor, Malaysia (On-Site)
1 Month ago
Alpha Sense - Senior Cloud Security Engineer

Alpha Sense

Pune, Maharashtra, India (On-Site)
1 Month ago
Any Desk - Network Security Engineer

Any Desk

Tampa, Florida, United States (Hybrid)
2 Months ago
Figma - Security Engineer

Figma

San Francisco, California, United States (Remote)
1 Month ago
Survay Monkey - Information Security Engineer III

Survay Monkey

Amsterdam, North Holland, Netherlands (Hybrid)
2 Months ago
Jane Street - Cybersecurity Analyst

Jane Street

Hong Kong (On-Site)
2 Months ago

Get notifed when new similar jobs are uploaded

About The Company

Hyderabad, Telangana, India (On-Site)

Mumbai, Maharashtra, India (On-Site)

Bengaluru, Karnataka, India (On-Site)

Hyderabad, Telangana, India (On-Site)

Mumbai, Maharashtra, India (On-Site)

Bengaluru, Karnataka, India (On-Site)

Bengaluru, Karnataka, India (On-Site)

Washington, District Of Columbia, United States (Hybrid)

Bengaluru, Karnataka, India (On-Site)

Mumbai, Maharashtra, India (On-Site)

View All Jobs

Get notified when new jobs are added by zeta

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug