Engineer - Application Security Test

Who we are:

We are a start-up based out of Bengaluru & Delhi NCR. We are engaged in development of next generation missions and technologies (NGM&T) towards future warfare needs of the Indian defence forces. It is undertaking research towards enhancing persistence and autonomy for unmanned vehicles and robotic swarms. NRT's product development portfolio includes a solar power stratospheric high altitude pseudo satellite (HAPS) unmanned platform and an air/ground launched stand-off autonomous system.

Application Security Test Engineer

Test Engineer Grade II/III (Code, Application, IoT Tech)" role involves performing dynamic and static application security testing (DAST/SAST), secure code reviews, and managing software development posture. Key responsibilities include identifying and reporting vulnerabilities in code, applications, and IoT devices, collaborating with developers to integrate security into the SDLC, auditing security documentation, and conducting risk assessments.

The role requires 2-3 years of experience in security application testing, strong understanding of web application and IoT security, experience with tools like Burp Suite and OWASP ZAP, and proficiency in languages like Python, Javascripts, or C/C++. Desired skills include penetration testing experience, knowledge of security frameworks (OWASApplication Security P, NIST), familiarity with DevSecOps, and certifications like CEH or OSCP.

Key Responsibilities:

• DAST/SAST (Dynamic Application Security Testing/Static Application Security Testing):
  Perform both dynamic and static analysis of applications to identify security vulnerabilities.
• Secure Code Review - Coding Best Practices:
  Conduct systematic reviews of source code to ensure adherence to secure coding principles and identify potential weaknesses.
• Software Development Posture and Inventory Management/Monitoring:
  Continuously manage and monitor the security state of all software assets and their underlying infrastructure.
• Perform security testing on code, applications, IoT devices, and communication protocols developed by the organization:
  Execute various security tests on the organization's proprietary software, IoT devices, and communication methods to uncover vulnerabilities.
• Identify vulnerabilities and weaknesses in the software and applications, reporting findings to the development team:
  Discover and clearly report security flaws in software and applications to development teams for remediation.
• Collaborate with developers to integrate security testing throughout the software development lifecycle (SDLC):
  Work closely with development teams to embed security activities into every stage of the software development process.
• Review and audit security-related documentation for compliance with security best practices:
  Examine and verify security documentation to ensure it meets established industry standards and best practices.
• Develop and execute penetration testing scripts and automated testing tools to identify potential exploits:
  Create and run specialized programs to simulate attacks and discover exploitable vulnerabilities.
• Conduct risk assessments and provide actionable recommendations for mitigating security risks and vulnerabilities:
  Evaluate potential security threats and offer practical solutions to reduce or eliminate risks.
• Stay updated with the latest trends, technologies, and best practices in application security:
  Continuously research and learn about emerging threats, new security tools, and industry standards to maintain expertise.

Required Skills:

• 2-3 years of experience in security application testing or related fields.
• Strong understanding of web application security, IoT security, and communication protocols.
• Experience with security testing tools like Burp Suite, OWASP ZAP, and others.
• Proficiency in programming languages such as Python, Java, or C/C++.
• Understanding of secure coding practices and software development lifecycles.

Desired Skills:

• Experience in penetration testing, vulnerability assessments, and threat modeling.
• Knowledge of common security frameworks and standards (e.g., OWASP, NIST).
• Familiarity with automated testing and DevSecOps practices.
• Certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional) are a plus.