Application Security Engineer

Job Category: Engineer
Job Type: Full Time
Job Location: Noida - India
Experience: 6 – 14 Years

Job Description

  • Manually and automatically reproducing security defects to provide Engineering with the visual outcome of exploits
  • Reproducing Escalation of Privileges
  • Reconnaissance Skills
  • Pen Testing Skills
  • Forensics Skills
  • Understanding various Cloud Architecture and their best security practices, including AWS/Azure/Google Cloud. Able and willing to provide Architecture review for a vendor product.
  • Understanding DB-s and importance of Data Security, DB owner permissions from the application config file, etc…
  • Providing Application Threat modelling: Threats vs. Vulnerabilities. Implementing Risk Acceptance process with the sign off by management
  • Providing Risk Assessment to existing projects
  • Participate in the Dev Projects and provide Business/Systems Security Requirements.
  • Tracking found Security Vulnerabilities for remediation and/or Risk Acceptance.
  • The candidate should be a Security Evangelist
  • Provide AppSec training to the Development Community
  • Fluent in various coding languages and knows and able to apply the skills to move projects forward: Java/Python/Terraform/Go lang

Job Responsibilities

  • Implement Sound Vulnerability Management Program with the Risk Acceptance process.
  • Get buy in from the Engineering Community.
  • Implement SAST Scanning with the Security Policy within CI/CD Pipeline.
  • Implement automated DAST Scanning within the QE process.
  • Enforce Security Gates within SonarCloud.
  • Provide Quarterly Phishing Campaign.
  • Automate Container Scanning as a part of the Vulnerability Management Process.
  • Create a PlayBook for DDOS protection.
  • Research various Threat Hunting Platforms and come up with proposals for HM needs.

Apply for this position

Allowed Type(s): .pdf, .doc, .docx