Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets
Job Description :
Title: Senior Product Security Engineer
Location: Bengaluru
Working Type: Hybrid (Mandate to be in office for 3 days)
Job Description Details:
We are currently seeking a Senior Engineer, Product Security to join our Information Security team, based in Bangalore, Karnataka, India. The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems.
Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools. Additionally, the ideal candidate will be able to demonstrate exceptional organizational skills, work efficiently under minimal supervision, be able to deliver results that meet or exceed organization’s expectations, be a strong team player, and actively participate in a fast-paced and challenging global environment.
Key Responsibilities:
- Review code for security vulnerabilities and practices dangerous to security and privacy.
- Write custom rules on automated source code scanning tools
- Script (Python, Perl, Ruby,Java) and build automation tools on an ad-hoc basis
- Manage security integration into the CI/CD pipeline
- Manage integration with manual and automated tools for static and dynamic testing
- Identify areas for automation and tooling to increase code coverage
- Build security into infrastructure and architecture designs and guide the implementation with the operations team
- Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps
- Establish metrics and reporting to track coverage and effectiveness of security processes,work with Engineering teams to drive remediation efforts.
- Engage with product and developers to conduct security reviews and define security requirements
- Mentor junior members of the team and act as a subject matter expert for application security issues
- Conduct threat modeling and risk analysis to identify exposure and develop mitigation plans
Requirements:
- Bachelor’s degree in computer science, software engineering or equivalent experience
- 3 to 5 years of software development with at least 2 years in developing secure systems.
- Experience in one or more of the following modern languages/frameworks - Python, Java,Ruby, node.js, JavaScript, PHP
- Proficiency in version control tools like Git.
- Thorough understanding of DevOps principles and building code pipelines
- Experience with cloud security, particularly for AWS and/or Azure Experience with integrating security into a DevOps culture. Familiarity with Docker images, AWS Secrets Manager and Parameter Store.
- A strong understanding of modern development processes including agile development
- Solid understanding of application security topics such as authn, authz, encryption, session management, Identity Federation (Open ID, OAuth, SAML)
- Extensive experience with application security tools like code scanners(Checkmarx,Fortify,Synk, Nexus) and dynamic analysis tools (Burp,Zap etc)
- Experience with common information security management frameworks like NIST CSF, NIST SP 800,OWASP
- Hands-on with AWS and how to deploy/run Python applications in the cloud.
- Hands-on experience with OWASP Top 10 standards, including mitigation of common threats like SQL Injection and Cross-Site Scripting etc.
Minimum Qualifications:
- 3 to 5 years of software development with at least 2 years in developing secure systems.
- Experience in one or more of the following modern languages/frameworks - Python, Java,Ruby, node.js, JavaScript, PHP
- Proficiency in version control tools like Git.
- Thorough understanding of DevOps principles and building code pipelines
- A passion for application security related problems.Working knowledge of web application vulnerabilities and mitigations.
- Known for being a great communicator and collaborator with excellent written and verbal communication skills
Additional licensing, certifications preferred:
- Security Certifications
- Programming Certifications
This job is posted with NTS Technology Services Pvt. Ltd.
Job Category: