Cyber security manager - offensive security

Posted: Nov. 10, 2020, 11:54 a.m. - Full Time - Chennai

Purpose of the Role:

In today’s world, every organization and individual is constantly under threat of cyber attack, as shown by the steady rise in security incidents and data breaches year on year. We at Freshworks are committed to preventing such incidents and providing a secure environment for our customers to run their business. Freshworks is looking for a passionate and self-driven cyber security manager with the ability to drive the internal offensive security team in conducting penetration testing exercises. You will play a pivotal role in integrating and advancing the security testing strategy by working with Developers, Product Owners, Program Managers, and Security Engineers. As the manager of the offensive security team, you will advocate an approach to security assessments that unearths critical vulnerabilities, and recommend appropriate mitigation strategies. You are expected to serve as a role model to the team, build the right competency within it, and adopt the Freshworks culture at work.

Responsibilities:

• Lead a team of committed pen testers and drive security assessment exercises at Freshworks.

• Engage with the cyber security leadership team and provide inputs for decision support.

• Design scenario-based / thematic security testing to identify vulnerabilities in the product and gaps in detection and response capabilities.

• Be an evangelist in offensive security and stay updated on emerging threats, vulnerabilities, and exploits.

• Identify opportunities to evolve the solutions via automation.

• Engage with the developers in developing workarounds / mitigation plans and ensure they are implemented per policy.

• Manage security testing programs such as responsible disclosure / bug bounty.

• Drive training and awareness initiatives at Freshworks.

• Be a role model for the team and provide a healthy platform for the team to learn and grow.

Basic Qualification:

• Master or Bachelor of Engineering in Computer Science / Engineering, Master's in Computer Science, or Bachelor of Science in Computer Science.

• 10 to 12 years of experience in application security; 2 years of software development experience is desirable.

• Expert-level knowledge and experience in identifying multiple classes of vulnerabilities, including cross-site scripting, SQL injection, CSRF, cryptography-related weaknesses, and code injection.

• Experience in automating security testing and improving productivity in security assessments.

• Experience in conducting security assessments of cloud infrastructure / platforms.

• Good understanding and knowledge of web frameworks and architecture.

Advanced Qualification:

• Published CVEs / research papers / articles pertaining to the security of the application layer and related protocols.

• Developed tools / utilities for conducting security assessments.