Product Security Engineer
Dell Technologies
Bengaluru, India
1d ago

Business Summary :

VMware is the leader in virtualization and cloud infrastructure solutions that enable our more than 350,000 enterprise and SMB customers to thrive in the Cloud Era.

A pioneer in the use of virtualization and automation technologies, VMware simplifies IT complexity across the entire datacenter to the virtual workplace, empowering customers with solutions in the software-

defined datacenter to hybrid cloud computing and the mobile workspace.

Our team of 20,000+ people working in 50+ locations worldwide is committed to building a community where great people want to work long term by living our values of passion, innovation, execution, teamwork, active learning and giving back.

If you are ready to accelerate, innovate and lead, join us as we challenge constraints and problem solve for tomorrow today.

Our Team :

We are highly motivated and experienced Product Security Engineers, who work with our developers from around the company and globally on everything from design, through code and deployment.

Our role is to look for potential security issues and help with design fixes or mitigations before products or services ship.

Our team is exposed to technology at every level of the stack including our own hypervisor, software-defined networking solutions, cloud management suites, and mobile and IoT solutions.

We write plenty of our own tests, automation and scripts, but we don't spend our days checking in code and are not the ones who write the code for VMware products or services.

We are also not in charge of VMware's infrastructure, firewalls, laptops, virus scanners or internal services.

Roles & Responsibilities

Do you love tearing apart applications to understand how they work?

Are you excited by discovering vulnerabilities and producing exploit code?

Are you constantly threat modeling the world around you no matter where you are? If so, we want to meet you. We are seeking an experienced and highly-

motivated Security Engineer to join our product security team onsite in Bangalore.

In this role you will assess the security posture of a variety of applications and collaborate with Security Architects and product teams to ensure that bugs are discovered and squashed before they have a chance to harm our customers.

You will get hands on with applications across the end-user landscape - Android and iOS, Windows and Mac, web applications, cloud services, IOT, and more.

You will perform penetration tests against VMware applications and review code for design flaws and code defects. You will lead development teams in threat modeling and improving their applications, and you will move fast and break things so that they can be rebuilt stronger than before.

If you are passionate about hands-on work and are eager to make a difference in software security, we believe this is the right team for you.

  • Perform application, system, and network penetration testing on a broad range of products and technology stacks
  • Design and conduct proof-of-concept tests to replicate third-party findings and propose solutions to resolve discovered security issues
  • Prepare detailed reports on findings and work closely with development teams to implement security controls; relate findings to real-
  • world risks and provide specific, actionable recommendations for resolution

  • Perform research activities to investigate vulnerabilities and technologies which may impact VMware products, and present findings at industry conferences and tradeshows
  • Assess cryptographic implementations to identify data leakages, side channel attacks, and insecure implementations
  • Design and develop tools to augment and improve the testing process; configure existing tools and resources to perform more effectively
  • Assess product compliance with security requirements and guide teams in meeting security objectives
  • Introduce process efficiencies into existing testing methodologies and recommend improvements to testing workflows
  • Required Skills

  • 5+ years’ combined experience in the areas of penetration testing, reverse engineering, code review, and vulnerability analysis
  • Hands-on experience with SAST and DAST tools and frameworks
  • Software development, code review, static analysis experience desired
  • Experience with Python, Javascript, Ruby, etc. a plus
  • Former system / network administrator experience a plus
  • Offensive Security Certified Professional (OSCP) and GIAC certifications preferred
  • Preferred Skills

  • Previous experience driving Secure Software Development activities
  • Familiarity with threat modeling, code review, and penetration testing methods and understanding of security concepts is highly desirable
  • VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind :

    VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment.

    All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and / or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate.

    VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages.

    VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.

    Add to favorites
    Remove from favorites
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Application form