Senior Product Security Engineer

Role Intent

To lead the design and implementation of secure SDLC initiatives to ensure high security standards and compliance for web applications.

Role Summary

• Responsible to ensure the implementation of security standards and compliance practices in various SDLC phases.
• Lead and mentor the team, collaborate with onsite and offshore teams to implement and ensure application security standards and practices.
• Perform various application security audits, tests and assessments to ensure security compliance within SLA.

Role Description

• Review the application features and enhancement design, perform code review and provide security specific recommendations and best practices in each SDLC phase.
• Perform penetration test on web applications, identify the vulnerabilities, report security issues, suggest remediation measures and guide the development team to resolve the issue.
• Execute automated scan on web applications using various SAST and DAST tools, triage the issues, identify true positives and work with the development team for resolution.
  
• Collaborate with development team to review, recommend and consult on security concerns and set secure architecture standards.
• Perform security controls assessments, recommend and update application security policies and procedures to keep up with the security trends and changing internal and external requirements.
• Perform domain audits with help of OSNIT tools.
• Collaborate with clients and third parties, provide technical support for penetration tests and audit of the products.
• Review, evaluate and recommend security best practices for AWS cloud specific implementations of SDLC.
• Analyze, review and suggest new application installations, test various features and functionalities and collaborate with IT helpdesk team through the process of application whitelisting.
• Design and implement application and web-based security trainings across the organization.
• Develop tools to automate security testing, design and implement strategies to enhance the efficiency of security bug discovery and resolution.
• Lead and mentor the team, provide technical and non-technical guidance for their overall development.

Exposure and Experience

• Minimum 3 years’ experience in web application security.
• Expert knowledge in Software Development Life Cycle.

Looking to get Placed? Try our Placement Guarantee Plan

Get Hired
• Experience in Security Controls Assessment, Vulnerability Management, Penetration Testing and Application Whitelisting.
• Domain knowledge on Investment Banking/Wealth Management would be an added advantage.
• Education: BTech/ MCA

Knowledge and Skills

• Excellent communication (Written & Verbal)
• Analytical Skills
• Problem Solving Skills
• Interpersonal Skills
• Leadership Skills
• Proficient in Burpsuite Professional
• Thorough knowledge in Core Java, OSNIT tools, DAST tools and SAST tools
• Exposure in AWS Cloud Computing