Senior Security Engineer

Job Description :

We are looking for an outstanding Senior Security Engineer who is highly technical and is responsible for ensuring the security for a broad range of environments, endpoints and technologies in a . Candidate needs to be a self-starter who can independently and collaboratively work with little direction in a fast-moving environment. Ideal candidates for this role will have experience of 3+years.

Job Responsibilities :

• Review and assess the company and third-party partners on overall security posture.
• Oversee vulnerability scanning, testing, and validation and make tool/solution recommendations   to the security team.
• Guides and performs security activities including penetration testing and vulnerability analysis, audits and assessments, code review, static and dynamic testing, and ethical hacking.
• Implementing code review processes and tooling and being a trusted advisor to the Engineering teams on secure coding practices.
• Work closely with engineers to provide expert advice on secure SDLC (automated and manual code-review), Layer 7 security best practices, and ensuring the remediation of vulnerabilities.
• Protect the company and its customers by identifying threats to user experience and user data while proposing mitigations and defenses.
• Strong collaboration with Engineering, CloudOps and DevOps teams is essential.
• Provide guidance on hardening end-points, containers, APIs, applications, operating systems (e.g., Linux) and AWS cloud environments.
• Manage and review perimeter defenses, such as firewalls, WAF- s, and IDPS.
• Participate as a key hands-on member in cybersecurity incident response and recovery activities.
• Capacity and tolerance for extreme context switching and interruptions while remaining productive and able to provide effective, safe guidance.
• Maintain knowledge and skills to keep up with the rapidly changing threat landscape.
• Work collaboratively with internal and external departments, vendors, and other key stakeholders.
• Be the SME for Application security process
• Build the Security team
• Manage work efforts end-to-end of the team

• Ability to work with security tooling to find vulnerabilities in the code base and dependencies. Ability to work with Sonarcloud, dependabot or other vulnerability tools.
• Ability to find out how to fix problems and provide support for engineers/developers on the team
• Have an offensive mindset
• Deep understanding of security fundamentals, including operating systems, networking, virtualization, identity and access management, and security countermeasures.
• Strong understanding of Application Security testing, Oauth frameworks, OWASP top 10, and Penetration Testing.
• Perform iterative threat and vulnerability assessments and pen tests for re-assessing throughout a products' lifetime.
• In-depth knowledge of web technologies, protocols, web services, and interfaces required
• Knowledge of penetration testing techniques, application security vulnerabilities, OWASP Top 10, SANS 25, CWE, etc. required
• Deep understanding of security vulnerabilities and mitigations.
• Familiarity using AWS Cloud Services (EC2, DynamoDB, API Gateway, RDS, Lambda, CloudFront, CloudFormation, CloudWatch, Route 53, etc.), micro services programming (AWS Lambda, Docker, etc.)
• Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
• Excellent understanding of Cyber Security Operations and Incident Response processes.
• Knowledge of TCP/IP network fundamentals
• Knowledge of PCI/DSS and its technical controls
• Experience with Firewall, IDS/IPS, WAF (Web Application Firewall) preferred
• Strong working knowledge of Linux Operating Systems
• Good working knowledge of Windows Operating Systems
• Scripting skills (e.g., Perl, Python,Go, shell scripting).
• Deep understating of API security and its security posture
• Knowledge of threat modeling or other risk identification techniques.
• Solid understanding of the secure Software Development Lifecycle (sSDLC) best practices to include, but not limited to in IT and IT security testing methods and metrics, penetration testing, threat hunting, system security monitoring, incident response, technical policy monitoring, familiarity with Enterprise Risk Management, and internal/external audit principles and practices.
• Experience with fuzzing, static and dynamic code analysis.
• Ability to write fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection.