Community

Home >

Jobs >

Senior Engineer, Product Security

Karnataka, India (Hybrid)

Senior Engineer, Product Security

2 Months ago • 3-5 Years • Cyber Security • Undisclosed

About the job

15 skills required for this role

Add these skills to join the top 1% applicants for this job

python

java

ruby

aws

javascript

php

github

git

node.js

ci-cd

cloud-security

cross-site-scripting

azure

identity-federation

perl

Job Description

Senior Product Security Engineer responsible for reviewing code for vulnerabilities, writing custom rules for automated source code scanning, managing security integration into CI/CD pipelines, identifying areas for automation, building security into infrastructure, writing reports and recommendations, establishing metrics, working with engineering teams on remediation, conducting security reviews, threat modeling, risk analysis, mentoring junior team members, and acting as a subject matter expert. The ideal candidate possesses deep understanding of attack surfaces in modern applications and operating systems and can analyze closed source applications using various tools. The role requires proficiency in multiple programming languages, DevOps principles, cloud security (AWS/Azure), and experience with application security tools.

Must have:

Review code for security vulnerabilities
Write custom rules for code scanning tools
Manage security integration into CI/CD
Experience with application security tools
Proficient in Python, Java, Ruby etc.
DevOps principles and code pipelines
Understanding of AWS and cloud security
Threat modeling and risk analysis

Good to have:

Security Certifications
Programming Certifications

About the job

Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets

Job Description :

Title: Senior Product Security Engineer

Location: Bengaluru

Working Type: Hybrid (Mandate to be in office for 3 days)

Job Description Details:

We are currently seeking a Senior Engineer, Product Security to join our Information Security team, based in Bangalore, Karnataka, India. The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems.

Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools. Additionally, the ideal candidate will be able to demonstrate exceptional organizational skills, work efficiently under minimal supervision, be able to deliver results that meet or exceed organization’s expectations, be a strong team player, and actively participate in a fast-paced and challenging global environment.

Key Responsibilities:

Review code for security vulnerabilities and practices dangerous to security and privacy.

Write custom rules on automated source code scanning tools

Script (Python, Perl, Ruby,Java) and build automation tools on an ad-hoc basis

Manage security integration into the CI/CD pipeline

Manage integration with manual and automated tools for static and dynamic testing

Identify areas for automation and tooling to increase code coverage

Build security into infrastructure and architecture designs and guide the implementation with the operations team

Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps

Establish metrics and reporting to track coverage and effectiveness of security processes,work with Engineering teams to drive remediation efforts.

Engage with product and developers to conduct security reviews and define security requirements

Mentor junior members of the team and act as a subject matter expert for application security issues

Conduct threat modeling and risk analysis to identify exposure and develop mitigation plans

Requirements:

Bachelor’s degree in computer science, software engineering or equivalent experience

3 to 5 years of software development with at least 2 years in developing secure systems.

Experience in one or more of the following modern languages/frameworks - Python, Java,Ruby, node.js, JavaScript, PHP

Proficiency in version control tools like Git.

Thorough understanding of DevOps principles and building code pipelines

Experience with cloud security, particularly for AWS and/or Azure Experience with integrating security into a DevOps culture. Familiarity with Docker images, AWS Secrets Manager and Parameter Store.

A strong understanding of modern development processes including agile development

Solid understanding of application security topics such as authn, authz, encryption, session management, Identity Federation (Open ID, OAuth, SAML)

Extensive experience with application security tools like code scanners(Checkmarx,Fortify,Synk, Nexus) and dynamic analysis tools (Burp,Zap etc)

Experience with common information security management frameworks like NIST CSF, NIST SP 800,OWASP

Hands-on with AWS and how to deploy/run Python applications in the cloud.

Hands-on experience with OWASP Top 10 standards, including mitigation of common threats like SQL Injection and Cross-Site Scripting etc.

Minimum Qualifications:

3 to 5 years of software development with at least 2 years in developing secure systems.

Experience in one or more of the following modern languages/frameworks - Python, Java,Ruby, node.js, JavaScript, PHP

Proficiency in version control tools like Git.

Thorough understanding of DevOps principles and building code pipelines

A passion for application security related problems.Working knowledge of web application vulnerabilities and mitigations.