Senior Application Security Professional

As a strategic security professional, you will play a key role in our product development lifecycle.

Our team is responsible for ensuring the security of our applications and data. We achieve this through a combination of secure coding practices, static code analysis, dynamic scanning, penetration testing, container security, cloud security, supply chain security, and threat modeling.

You will work closely with our development teams to identify and remediate security vulnerabilities. Your expertise in application security will be invaluable in helping us to improve our security posture and ensure the integrity of our products.

• ">
• Industry-standard best practices on application security controls">
• Application security issues, weaknesses, vulnerabilities, threats, risks, and impacts of exploitation">
• Familiarity with Security Standards and groups (OWASP, PCI, SANS, OSSTMM etc.)">
• Strong vulnerability assessment experience of web, mobile, and thick client applications, RESTful & JSON APIs, web servers, databases, and hosting environments (cloud, off-cloud, Containers)">
• Strong experience in manual vulnerability assessment and penetration testing">
• Hands-on experience on Application Security tools such as Fortify, WebInspect, Burp, etc.">
• Experience in planning, researching, and developing security policies, standards, and procedures in line with industry best practices">
• A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes">
• Preferably to have application security penetration testing-related certifications">
• Highly desirable to have general information security-related certifications">
• Excellent team-playing and collaborative skills to work with multiple stakeholders">
• Strong analytical, troubleshooting, writing, communication, and consultancy skills">
• Possess a commitment to quality and a thorough approach to work">

This role offers:

• ">
• Strategic Planning: Align application security initiatives with business goals">
• Technical Leadership: Stay updated on the latest trends and advancements in application security">
• Recommend mitigations for vulnerabilities; manage third-party and open-source software risk">
• Architecture and Design: Review application designs for security best practices">
• Design, enhance, and advocate for the threat modeling process">
• Security Reviews: Conduct security assessments throughout the development lifecycle">
• Collaborate with development teams to remediate security vulnerabilities">
• Code Review and Analysis: Conduct code reviews and implement automated code analysis tools">
• Secure Development Practices: Enforce secure coding practices, train developers in secure coding">
• Incident Response/Customer Escalations: Lead incident response efforts related to application security incidents">
• Work with cross-functional teams to investigate and remediate security breaches">
• Policy and Standards: Develop and enforce application security policies; ensure compliance with industry standards">
• Security Testing: Oversee the implementation of security testing methodologies">
• Conduct Penetration Testing activity for applications/systems">
• Security Awareness: Promote security awareness across engineering; conduct training for development teams on Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)">
• Collaboration: Collaborate with cross-functional teams to integrate security into all aspects of the software development lifecycle and improve security maturity">
• Documentation and Reporting: Maintain comprehensive documentation of security processes/policies; produce maturity status reports for senior management">
• Research and Innovation: Stay informed on emerging threats and vulnerabilities, and proactively implement innovative security solutions">
• Vendor and Tool Evaluation: Evaluate and recommend security tools/technologies; Manage vendor relationships">

To succeed in this role, you should have:

• ">
• B.E./B.Tech/Bachelors/Master of Computer Science or equivalent">
• 6+ years of relevant experience">
• 8-12 years of total industry experience">
• Experience in backend development">
• Industry standard best practices on application security controls">
• Application security issues, weaknesses, vulnerabilities, threats, risks, and impacts of exploitation">
• Familiarity with Security Standards and groups (OWASP, PCI, SANS, OSSTMM etc.)">
• Strong vulnerability assessment experience of web, mobile, and thick client applications, RESTful & JSON APIs, web servers, databases, and hosting environments (cloud, off-cloud, Containers)">
• Strong experience in manual vulnerability assessment and penetration testing">
• Hands-on experience on Application Security tools such as Fortify, WebInspect, Burp, etc.">
• Experience in planning, researching, and developing security policies, standards, and procedures in line with industry best practices">
• A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes">
• Preferably to have application security penetration testing-related certifications">
• Highly desirable to have general information security-related certifications">
• Excellent team-playing and collaborative skills to work with multiple stakeholders">
• Strong analytical, troubleshooting, writing, communication, and consultancy skills">
• Possess a commitment to quality and a thorough approach to work">

Education and Experience:

• ">
• B.E./B.Tech/Bachelors/Master of Computer Science or equivalent">
• 6+ years of relevant experience">
• 8-12 years of total industry experience">
• Experience in backend development">

Role: Backend Developer

Department: Engineering - Software & QA

Employment Type: Full Time, Permanent

Role Category: Software Development