Security Engineer III - India

24 Minutes ago • All levels

Cyber Security

Job Description

The Application Security Engineer provides leadership in improving application security and the secure software development lifecycle. This role involves performing manual application security assessments (pentests), communicating findings to development and QA teams, and offering design support and security best practice guidance. The engineer will also conduct application architecture security reviews and champion security through the design and delivery of integrated solution architectures.

Must Have:

Provide consulting services at critical points in the SDLC.
Perform manual security assessments at key points in the SDLC.
Participate in security architecture reviews.
Produce documentation and present findings of manual security assessments.
Create meaningful metrics on assessments and be able to speak to them.
Train others on security tools and processes.
Have an interest in continuing education and staying current within the application security domain.
Experience performing blackbox/greybox/whitebox security assessments of applications.
Experience performing manual reviews of application source code for security vulnerabilities (Java, .Net, C++, etc.).
Expert level skills with application security testing tools (Burpsuite, sqlmap, nmap).
Experience with application reverse engineering and tools (Java decompilers, .Net decompilers, IDAPro).
Experience with UNIX or Linux.
Experience with scripting languages (Python, bash, Powershell).

Add these skills to join the top 1% applicants for this job

cpp

game-texts

software-development-lifecycle-sdlc

quality-control

security-testing

linux

unix

nmap

powershell

python

bash

java

The Application Security Engineer is responsible for providing leadership on how to best improve our application security and secure software development lifecycle. This individual is responsible for performing manual application security assessments (application pentests) and communicating any findings to the developers and QA teams. Additionally, the individual will provide design support and security best practice guidance, in the form of consultation, to various development teams and business stakeholders. The individual is also responsible for performing application architecture security reviews and championing security through design and delivery of integrated solution architectures.

Principal Accountabilities

Providing consulting services at critical points in the SDLC.
Perform manual security assessments at key points in the SDLC.
Participate in security architecture reviews.
Produce documentation (reports) and present findings of manual security assessments.
Create meaningful metrics on assessments that have been performed and be able to speak to them.
Be able to train others on tools and processes that you use and be comfortable sharing your knowledge with others.
Have an interest in continuing your education and staying current within the application security domain.

Skills and Software Requirements:

Experience performing blackbox/greybox/whitebox security assessments of applications (application pentests) which use HTTP and/or proprietary protocols.
Experience performing manual reviews of application source code for security vulnerabilities written in various languages including: Java, .Net (C#, VB#), C++, *.
Expert level skills with application security testing tools including: Burpsuite, sqlmap, nmap, etc.
Experience with application reverse engineering and using tools such as: Java decompilers, .Net decompilers, IDAPro, etc.
Experience with UNIX or Linux.
Experience with scripting languages such as: Python, bash, Powershell, etc.
Have a passion for application security testing and be able to share your passion and learnings with teammates and customers.
Self-motivated and a self-starter. (If you have a question, find the answer, ask somebody, figure it out, and communicate.)
Excellent Oral and Written communications skills.