Job Description:
Perform architecture and code review of complex web applications and APIs
Write code to integrate security services into our CI/CD pipelines
Lead security assessments and application penetration tests
Work with engineers and leaders to help prioritize and remediate vulnerabilities
Collaborate with software engineers across product teams to refine the security of our products and resolve open security flaws
Analyze business and user security needs and document requirements
Develop test plans for new and modified security architecture changes
Help to integrate automated and repeatable controls into the SDLC pipeline.
Provide other engineering team members with well-researched, practical security advice that demonstrates reusability and abstracting configuration from code, collaborating with all teams to provide and help contribute to secure development guidance.
Train software developers in secure coding practices
Review .NET code for security vulnerabilities
Perform impact analysis and suggest appropriate fixes for open issues
Lead the SecOps Team and support in planning and operation of the team
BS / BE / BTech in Computer Science or related field, or equivalent work experience.
Have 5+ years of experience in application security testing, code reviews and architecture reviews.
Have a background in code development or source code review.
Understand and recognize common vulnerability types, including SQL / command injection, XSS, CSRF, and SSRF. In-depth knowledge of OWASP Top 10 and CWE Top 25.
Experience in using tools like Veracode, Acunetix, SonarQube, Checkmarx, Burp Suite, TeamCity, etc.
Knowledge of SCRUM Framework and Agile practices.
Knowledge of HIPAA.
Can lead major security initiatives and drive projects to completion
Have a deep knowledge of key security concepts such as authentication, authorization, encryption, role-based access control, and security by design
Can explain sophisticated security problems and provide expert advice on secure design practices
An understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
Excellent written and verbal communication skills
Demonstrable teamwork skills and resourcefulness
Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid analysis paralysis)
Strong sense of ownership, urgency, and drive
Sharp analytical abilities and proven design skills
Hold any industry certifications such as Security+, CEH, eJPT, OSWA, OSWE, CISSP, etc.
Knowledge and experience with Azure and Cloud Security is a bonus.
Participation in the security community is a bonus.