Security Engineer
- NetApp
- 6 - 11 years
- Bengaluru
- 2 months ago
- Email to a friend
- Report this job
Job Description
- This role encompasses a broad range of security responsibilities, including advanced offensive security operations, application security reviews, secure code reviews, and implementation of the Secure Software Development Lifecycle (SSDLC)
- The successful candidate will simulate sophisticated attacks, conduct secure code reviews, and contribute to the development of security tools
- Responsibilities also include ensuring cloud security and Kubernetes security
- The ideal candidate will possess the ability to conduct offensive security operations and apply their expertise to application security
- They will perform threat modeling exercises with an attackers mindset, leveraging their experience in bug bounty programs and red teaming simulations
- The candidate will implement mitigations at the code level and support the Blue Team in improving detection capabilities using SIEM tools
- This role requires a unique blend of skills and knowledge across multiple security domains
Job Requirements
Conduct Red Team exercises, simulating APTs in cloud, container, and AD environments.
Develop and execute adversary simulations based on the MITRE ATTCK framework, focusing on assume breach scenarios.
Simulate attacks on software supply chains and CI/CD pipelines.
Perform in-depth penetration testing (both black-box and white-box) for web applications, APIs, and networks.
Conduct secure code reviews in collaboration with development teams to identify , exploit and implement mitigations on code level.
Integrate security tools and practices into the CI/CD pipeline, emphasizing DevSecOps methodologies.
Conduct threat modeling, design, and architectural reviews to identify potential security risks in the software development lifecycle.
Provide security guidance to development teams, assisting in risk mitigation and secure development practices.
Collaborate with the Blue Team to improve detection capabilities and test defensive measures.
Utilize SIEM tools for incident detection and response, providing insights to enhance monitoring and alerting mechanisms.
Develop and maintain custom security tools and frameworks to automate security testing and monitoring.
Stay informed about emerging threats, attack techniques, and security technologies.
Develop and execute adversary simulations based on the MITRE ATTCK framework, focusing on assume breach scenarios.
Simulate attacks on software supply chains and CI/CD pipelines.
Perform in-depth penetration testing (both black-box and white-box) for web applications, APIs, and networks.
Conduct secure code reviews in collaboration with development teams to identify , exploit and implement mitigations on code level.
Integrate security tools and practices into the CI/CD pipeline, emphasizing DevSecOps methodologies.
Conduct threat modeling, design, and architectural reviews to identify potential security risks in the software development lifecycle.
Provide security guidance to development teams, assisting in risk mitigation and secure development practices.
Collaborate with the Blue Team to improve detection capabilities and test defensive measures.
Utilize SIEM tools for incident detection and response, providing insights to enhance monitoring and alerting mechanisms.
Develop and maintain custom security tools and frameworks to automate security testing and monitoring.
Stay informed about emerging threats, attack techniques, and security technologies.
Education
Bachelor s degree in computer science, information security, or a related field (or equivalent experience).
At least 6 years of experience in offensive security and Application security.
Proven experience in offensive security, with a strong understanding of attack vectors and techniques.
Relevant certifications such as OSWE, OSCP, CRTO, or similar.
Significant contributions to security through Bug bounty programs, CVEs or recognized security research.
Recognized public acknowledgments in security research.
Experience with scripting or programming languages like Python, Go, or Ruby for developing custom attack tools/exploits.
Familiarity with CI/CD tools such as GitHub Actions, Jenkins, or TeamCity.
Knowledge of security practices of cloud computing platforms like AWS, Azure, GCP, as well as k8s.
At least 6 years of experience in offensive security and Application security.
Proven experience in offensive security, with a strong understanding of attack vectors and techniques.
Relevant certifications such as OSWE, OSCP, CRTO, or similar.
Significant contributions to security through Bug bounty programs, CVEs or recognized security research.
Recognized public acknowledgments in security research.
Experience with scripting or programming languages like Python, Go, or Ruby for developing custom attack tools/exploits.
Familiarity with CI/CD tools such as GitHub Actions, Jenkins, or TeamCity.
Knowledge of security practices of cloud computing platforms like AWS, Azure, GCP, as well as k8s.
Job Classification
Industry: Software ProductFunctional Area / Department: IT & Information Security
Role Category: IT Security
Role: Application Security Engineer
Employement Type: Full time
Contact Details:
Company: NetAppLocation(s): Bengaluru
+ View Contact
Keyskills: Computer science Cloud computing Information security Security testing Application security Ruby Monitoring Python White box Penetration testing
Fraud Alert to job seekers!
₹ Not Disclosed
Similar positions
Job Listings
We are in open beta version of website, please let us know if any issues, at: info(at)indigojobs.in