Job Description
In this role, as an Application Security Engineer, you will work as a part of our security engineering team and you will collaborate with other IT professionals to ensure that data is protected.
You will be responsible for suggesting and implementing best security practices within the software development lifecycle (SDLC). You will be responsible for setting up security controls and design requirements during the software creation and development stage of the software lifecycle. You will also participate in related business and security projects. You will work closely with leadership and staff to extract data to support recommendations for new security-related procedures and/or revisions. This role will guide the organization on standard security methodologies. This position will also play a meaningful role in leading and responding to client security surveys and internal 3rd party audits.
What you will be doing:
Developing and maintaining software application security policies and procedures
Developing and maintaining documentation of application security controls
Implementing software application security controls
Designing technical solutions to address security weaknesses
Analyzing system services, spotting issues in code, networks and applications
Following security best practices in performing tasks
Providing technical leadership, guidance, and direction to the application security team
Participate in and support application security reviews and threat modeling, including code review and dynamic testing
Support and consult with product and development teams in the area of application security
Assist in development of automated security testing to validate that secure coding best practices are being used
Assist in creation of security training
Provide leadership for application vulnerability scanning and penetration testing remediation
Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools
Prepare security reports for benchmarking security efficiency
Act as a technical point of contact during escalated security events
Responsible for managing cybersecurity incident response
Participate in the change management board, ensuring security is a consideration in all changes
Provide support to the Information Security Manager on all application security activities
Determine security violations and inefficiencies by conducting periodic audits
Provide evidence to the auditee for the Information Systems audits when needed
Essential Functions
Work closely with cross-functional teams (Engineering, DevOps, Product) while carrying out daily tasks
Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
Exploit security flaws and vulnerabilities with attack simulations on networks as well as multiple application platforms like Web, iOS, Android and cloud platforms
Support the bug bounty program
Perform application security vulnerability management using tools like Acunetix, Veracode, etc.
Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools
Understanding of patch management
Working with the patch management team to analyze the risk of breaking the environment when installing a patch, and ensuring deployment of patches in a timely manner while understanding business impact
Investigate security breaches and other cybersecurity incidents
Stay up to date on information technology trends and security standards
Skills needed to be successful
Excellent analytical skills, with an ability to translate business needs into practical security posture
Familiarity with common security libraries, security controls, and common security flaws
Strong analytical and problem-solving skills
Automation enablement to reduce testing workloads
Rapid decision-making to prevent delayed releases due to security issues
Basic development or scripting experience and skills
A good understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS)
Experience working with development teams
Knowledge of Anti-Virus, HIPS, ID/PS, Full Packet Capture, RSA Security
Familiarity with ISO 27001, SOC 2, NIST 800-53 or other security frameworks
Ability to prioritize more than one task at a time
Assist in root cause analysis for incident management
Must have excellent written and spoken communication skills with the ability to explain technical information to non-technical people
Willing to work non-standard hours and be on-call
Required Experience & Education
Bachelor's degree in Information Technology, Computer Science
2 years of experience in information security industry
Experience with vulnerability scanning tools and solutions
Experience with OWASP, static/dynamic analysis, and common security tools
Experience with Microsoft Windows, Linux, and macOS
Supervisory Responsibilities: N/A
Job Classification
Industry: Software Product
Functional Area / Department: Other
Role Category: Other
Role: Other
Employment Type: Full time
Contact Details:
Company: Sunquest Information
Location(s): Bengaluru
Keyskills:
Application Security Engineer