Senior Security Engineer

Posted 4 months ago

Job description

What You’ll Do

  • Drive the implementation and rollout of the security-in-depth concept to ensure security is incorporated in all layers of our products.
  • Conduct security code reviews using automated and manual techniques.
  • Conduct security scanning and testing on our hosting environment and web applications.
  • Work with engineering and software QA teams to prioritize and address security bug fixes, security feature implementations and various security enhancements
  • Conduct security architecture design reviews and develop or enhance security requirements related to new and existing software platforms, systems and features
  • Conduct internal and external security assessments, audits, and penetration testing.
  • Create and maintain comprehensive internal and external documentation
  • Develop training materials for security awareness and deliver security technology training, such as emerging trends of security risks, latest security tools and methodologies, information security concepts, etc.
  • Contribute to the Risk Management Program: collaborate with teams to build a cohesive and comprehensive security program (policies, standards, practices and processes) that leaves as few security loopholes as possible, if any.
  • Build and maintain application threat models
  • Handle customer security reviews and compliance/legal reviews related to security
  • Participate in discussions with customer security teams, answer their security questions, carry action items into the security/product roadmap, and coordinate with other teams to get them done.

Skills & Requirements

  • 5+ years of professional experience in information security and web application security
  • Excellent understanding of web application technologies (Java, JavaScript, HTML, XML, JSON, REST, AJAX)
  • Deep understanding of OWASP Top 10 and SANS Top 25 application security errors
  • Experience using commercial and/or open source static code analysis tools such as Veracode, Fortify or Checkmarx.
  • Familiarity with scripting languages such as Perl, PHP, Python, Ruby, Shell, etc.
  • Experience with commercial and/or open source security tools (for example: Qualys, Nessus, Metasploit, Wireshark, IDS/IPS, Firewall, etc.)
  • Strong experience with DevOps culture and tools (e.g. GoCD or similar), Ansible, Docker, Kubernetes
  • Working exposure to one of the major cloud IaaS providers (AWS, Azure, Google) is beneficial
  • Strong analytical and problem-solving skills.
  • Strong oral and written communication skills
  • Associate or bachelor’s degree (Computer Science or Technology preferred)
  • Security certifications such as CISSP, CISM, GPEN, CEH, CCNA, etc.
  • Strong understanding of web protocols and standards (TCP/IP, HTTP, SSL, DNS, etc.)
  • Experience with audits and compliance (SAS 70/SSAE 16, ISO 27001, SOX, PCI DSS, etc.)

Job Features

Job Category: Engineering
