Huntingcube Recruitment Solutions
Application Security Engineer - Vulnerability Assessment
Job Location
Hyderabad, India
Job Description
RESPONSIBILITIES:

- Establish security best processes and practices for our mobile, on-premises and cloud-based platforms.
- Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls.
- Support and consult with product and development teams in the area of application security, including threat modeling and application security reviews.
- Implement, continuously develop, and maintain secure Software Security Development Lifecycle processes and software maturity model.
- Perform threat modeling, secure design, and source code review.
- Conduct security assessments, security testing and validation of vulnerability scan results.
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
- Incorporate security tools/tasks to automate product development and deployment.
- Develop, implement, and automate defensive controls, creating and tuning tools and rules to detect and address malicious activity.
- Responsible for integration of security controls into SDLC.
- Establish supply chain security process and ensure 3rd-party software meets the standards.
- Facilitate injection, integration, and compliance for Static Application Security Testing (SAST), Container Security Scanning & Open-Source Security Analysis during development phase.
- Facilitate injection, integration, and compliance for Dynamic Application Security Testing (DAST).
- Contribute to triaging, addressing security issues and tracking remediation.
- Own and manage Secure SDLC tooling.
- Develop and customize security tools used by security teams and developers.
- Work closely with development teams to build security directly into their SDLCs.
- Provide remediation guidance to programmers and management.
- Support bug bounty program.
- Support the preparation of security releases.
- Mentor and train development teams on secure coding standards and techniques.
- Develop Secure Coding Program.
- Constantly innovate at the pace of the adversary using latest techniques.

GENERAL KNOWLEDGE, SKILLS & ABILITIES:

- In-depth knowledge of web and mobile security vulnerabilities, attack vectors and mitigation techniques.
- Experience with multiple programming languages (Java, JavaScript, Go, Python, Ruby, Objective-C, C#, PHP) with hands-on coding experience with at least one scripting and one object-oriented programming language.
- Fluent with security testing with SAST, SCA, DAST, IAST, fuzzing and penetration testing tools.
- Understanding of application security standards such as OWASP ASVS/Top 10 and CWE 25.
- Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
- Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
- Knowledge of DevSecOps to maintain security in CI/CD pipeline.
- Solid experience with security tools like Semgrep, Checkmarx, Veracode, Burp Suite, Snyk, Nessus.
- Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk.
- Experience writing custom rules for static analysis tools.
- Experience with API security, IaC, containerization, RASP, IAST.
- Experience with microservices, container deployment and service orchestration.
- Strong knowledge of cryptography, API security, and secret management.
- Ability to clearly and effectively communicate concerns and issues to the management and engineers.
- Experience with cloud (AWS, Azure, GCP) security.
- Experience writing tools to automate tasks and integrate systems using scripting languages like Go, Python and REST APIs.
- Experience in delivering and educating development groups in secure coding.
- Expertise with common vulnerabilities and attack vectors.
- Experience integrating security tools into developer pipelines.
- DevOps experience managing deployment and configuration.

(ref:hirist.tech)
Location: Hyderabad, IN
Posted Date: 11/17/2024
Contact Information
Contact: Human Resources, Huntingcube Recruitment Solutions