Senior Security Engineer - VAPT and Code Review

Posted: May 28, 2021, 1:44 p.m. - Full Time - Bangalore

As a Security Engineer, you will work closely with product development, engineering, architecture, and partner teams to perform security testing against various system(s) and application(s). You will assist in the development and planning of remediation strategies to mitigate identified risks and vulnerabilities.

Roles & Responsibilities:
Tasks are focused on the Product / Application Security domain and require very good skills on both the client and server side. The main task is Secure SDLC activities and ownership; the subtasks are SAST/DAST, secure code review, penetration testing, and triage and remediation support for customer vulnerability reports.
• Develop a deep technical understanding of Pulse Secure offerings and infrastructure
• Plan and perform security tests against various product(s) and application(s) independently as well as within a team
• Thoroughly document techniques, tactics, and proofs of concept used during security testing and triage analysis
• Communicate with various business and technology stakeholders to interpret identified vulnerabilities and assist in developing and planning risk mitigation
• Research and continuously improve skills in attacker tools, methods, and techniques

Minimum Qualifications:
• Proven work experience as a software security engineer for at least 5 years
• Demonstrated strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation and development of secure applications
• Deep knowledge of state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities, and remediation
• Strong knowledge of networking and server-side testing
• Perform, review and analyze security VA/PT to identify applicability and false positives
• Software development experience in one of the following core languages: Java, JavaScript, C++, C
• Proven experience in managing product risk, including triage, report analysis and remediation planning
• Familiarity with OWASP Top Ten, NIST, CIS and MITRE ATT&CK
• Experience in evaluating multiple products/solutions from a hacker's point of view
• Excellent written and oral communication, team skills

Preferred Qualifications:
• Ability to communicate highly technical aspects to both executives and IT staff
• Experience working in a global organization with cross-region development teams
• Possess one or more of the following credentials: OSCP, OSWE, GWAPT, GXPN
• Demonstrated strong experience with various scripting languages (Python, Ruby, Bash, etc.)
• Demonstrated strong experience in system or application administration role(s)