Sr. application security developer engineerPosted: Sept. 7, 2020, 6:33 p.m. - Full Time - Bangalore
As a member of the Application Security team, the Senior Application Security Engineer works closely with software engineers, architects, product management and others help integrate tools into their build/development environments to ensure consistent application of security controls across the product portfolio. This person should be familiar with Secure Development practices and have experience helping product teams adopt these activities.
We seek a top-performing technical leader with the passion, experience and gravitas to effectively lead and contribute to this critical technology function. The ideal candidate will be a high energy, team oriented, customer driven problem solver with prior experience building secure software for enterprises.
This a great opportunity to help secure a world-leading cybersecurity company. As you’d expect you’ll be joining an organization that takes security seriously. You will get the opportunity to work with some world-leading experts from across the company in a fast-paced and exciting environment where security is a priority.
Duties & Responsiblities:
- Roll out tools and services to all Sophos Product teams
- Design and implement frameworks and features that are instrumental securing Sophos software and systems.
- Guide teams in the adoption of Secure Development activities. (Training, Threat Modeling, Static/dynamic analysis)
- Participate in planning and architecture sessions with engineering management, architects, operations, and development team leads.
- Help teams integrate fuzzing into their test environments.
- Help product teams move to a DevSecOps way of performing application security.
Experience & Skills:
- Understand how vulnerabilities happen, and how to fix them at an architectural level.
- Familiarity with static analysis security testing software. (Findbugs, Coverity, Fortify, Veracode, etc)
- Solid understanding of Software development principles.
- Solid understanding of fuzzing
- Excellent analytical and troubleshooting skills and demonstrated ability to investigate and solve complex problems, including solving critical production issues in complex systems and investigating and determining root causes.
- Technical acumen to lead the creation of both system-level and service-level designs in collaboration with other technical experts.
- Familiarity with Threat Modeling and Secure Development in general.
- Understanding of how to build tools, frameworks and services that will be consumed by other development teams.
- Penchant for automating everything, and in particular, experience tackling the challenges associated with building frameworks for, automating deployments to and monitoring and maintaining the health of cloud platforms.
- Understanding of common standards / processes / tools and the ability to leverage them where possible.
- Excellent in verbal and written communication, and able to constructively discuss and convey differing ideas, approaches, and perspectives, particularly in written communications.
- Eagerness to learn the world of Internet security and the Sophos product suite.
- Solid understanding of common vulnerabilities (OWASP top 10, SANS top 25)
- Experience with Agile Software Development methodologies
- Strong scripting skills to help integration of tools and other systems
- Experience working with CI/CI pipeline tools like Jenkins, Terraform, etc.
- Strong Linux/Unix systems experience
- Experience presenting research material at security conferences.
- Exceptionally strong written and verbal communications skills, as well as good interpersonal and organization skills
- Contributions to open-source security projects and/or publications.
- Strong understanding of build environments and source code management systems.
- Educated to bachelor’s degree level in a relevant field
- Security-related professional certification (CISSP, OSCP, etc)
Sophos is committed to equality opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our data protection policy which can be found here and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please reply to this or other emails from Sophos clearly stating your request, or follow the steps set out in the data protection policy describing your individual rights.