Job Description
<p><p><b>Position Name :</b> Application Security Engineer<br/><br/><b>Location :</b> Bangalore<br/><br/><b>Experience Range :</b> 3+ Years<br/><br/><b>Mandatory Requirement :</b><br/><br/>- Passionate about application security with a strong commitment to staying updated on the latest security trends and best practices.<br/><br/>- Proven experience in addressing web application security challenges, including a solid grasp of OWASP Top 10 vulnerabilities.<br/><br/>- Hands-on expertise in conducting iOS and Android application security testing, ensuring comprehensive coverage.<br/><br/>- Adept at identifying vulnerabilities in API endpoints and implementing robust security measures to mitigate risks.<br/><br/>- In-depth knowledge and proficiency in performing thorough code reviews, encompassing manual assessments, SAST, DAST, and IAST audits.<br/><br/><b>About the Client :</b><br/><br/>Our client is a leading and reputable organisation in the financial services industry.<br/><br/> They are dedicated to providing innovative solutions and exceptional services to their clients, leveraging cutting-edge technologies to drive efficiency and value.<br/><br/><b>Job Roles and Responsibilities :</b><br/><br/>As an Application Security Engineer, you will play a pivotal role in ensuring the security and integrity of our web and mobile applications.<br/><br/> Your expertise will contribute to the safeguarding of our systems and the protection of user data.<br/><br/><b>Key responsibilities include :</b><br/><br/>- Addressing web application security issues, with a deep understanding of OWASP Top 10 vulnerabilities.<br/><br/>- Performing hands-on security testing for iOS and Android applications to identify potential vulnerabilities.<br/><br/>- Identifying and assessing vulnerabilities in API endpoints to ensure robust security measures.<br/><br/>- Conducting thorough code reviews, including manual assessments, SAST, DAST, and IAST audits.<br/><br/>- Maintaining and enforcing 
security standards, providing guidance to developers on secure coding practices.<br/><br/>- Developing and promoting secure coding practices using languages such as C#, ASP.NET (MVC and WebForms), HTML/CSS, and SQL Server.<br/><br/>- Ensuring the secure integration of applications with relational database management systems, particularly MS SQL.<br/><br/>- Executing both manual and automated testing techniques, utilizing tools like Burp Suite Pro, Fiddler, Netsparker, etc., to uncover vulnerabilities.<br/><br/>- Applying security knowledge to both Linux and Windows environments, including aspects of web application hosting, middleware (IIS, Apache, Tomcat, PHP, ColdFusion, Ajax), and databases (Oracle, MySQL, MS SQL Servers).<br/><br/>- Leveraging software security certifications, such as Certified Secure Software Lifecycle Professional (CSSLP), to enhance our security practices (a significant advantage).<br/><br/>- Demonstrating a comprehensive understanding of application security across the entire software development lifecycle.<br/><br/>- Effectively communicating findings and insights, both through presentations and thorough documentation.<br/><br/><b>Qualification and Experience :</b><br/><br/>- Bachelor's degree in Computer Science, Information Security, or a related field.<br/><br/>- 3+ years of hands-on experience in addressing web application security issues and conducting security testing.<br/><br/>- Proven expertise in iOS and Android application security testing.<br/><br/>- Solid understanding of API endpoint vulnerabilities and security best practices.<br/><br/>- Proficiency in conducting manual code reviews and utilizing various security testing methodologies (SAST, DAST, IAST).<br/><br/>- Strong knowledge of secure coding practices, including C#, ASP.NET (MVC and WebForms), HTML/CSS, and SQL Server.<br/><br/>- Experience securing application integrations with relational database management systems, particularly MS SQL.<br/><br/>- Familiarity with security tools like Burp Suite Pro, Fiddler, Netsparker, etc., for manual and automated testing.<br/><br/>- Knowledge of security considerations in both Linux and Windows environments, including web application hosting, middleware, and databases.<br/><br/>- Software Security Certifications, such as CSSLP, would be a significant advantage.<br/><br/>- Adept at communicating complex security concepts effectively, both in presentations and documentation.<br/><br/><b>Other Details :</b><br/><br/>- The position is based in Bangalore.<br/><br/>- Competitive compensation package and opportunities for professional growth.<br/></p><br/></p> (ref:hirist.tech)