Application security engineer

Posted: April 28, 2022, 8:06 a.m. - Full Time - Gurgaon

Job Description:

  1. 3+ years of experience testing applications at the network level using intercepting proxies and other open source network analysis tools.
  2. 2+ years of experience testing applications at the binary level using instrumentation, fuzzing, and other exploitation techniques.
  3. 2+ years of experience in application code review.

Education Qualification:

• Bachelor’s Engineering Degree in Computer Science (BE/B.Tech) with two or more Application Security Certifications (certifications not older than 18 months).

MyHealthcare is looking for Application Security Engineers to join our team and take our product to the next level. MyHealthcare builds software in the HealthTech web space, the AI space, the IoT space, the mobile space, and the desktop space. Very few places have that wide a breadth of software being developed and delivered, and it will take an engineer with a strong desire to dig into areas they may be unfamiliar with to really excel. If you’re looking for a challenge in the application security domain, we want to hear from you!

Responsibilities:

1) Review the MyHealthcare application stack for vulnerabilities prior to production release.
2) Application code review.
3) Periodic VAPT, black box, white box, and grey box testing.
4) Provide guidance on secure software development at all stages of the SDLC, including architecture and design reviews prior to the start of development.
5) Evaluate and maintain SAST and DAST open source tools for automated scanning.
6) Assist the other members of the security team during testing and purple team exercises.
7) Advocate secure coding practices.
8) Implement DevSecOps practices that focus on automation to improve efficiency of testing and remediation of findings.

Experience writing software in two or more of the following languages:

1) Python
2) Java
3) Ruby
4) .js (Node/Angular/React/etc)
5) Golang
6) PHP
7) Perl/Raku
8) C / C++ / C#

Preferable skills:

a) Working knowledge of binary reverse engineering for at least one architecture (x86, armel, etc.).
b) Knows the OWASP Top 10 inside and out.
c) Participation in the bug bounty hunting community.