Senior Application Security Engineer

Hyderabad, India

Applications have closed


About Us

Headquartered in Silicon Valley, with offices located worldwide, OpsRamp is a modern SaaS platform company that’s just entered its next stage of growth with new investment from Morgan Stanley, HPE, and Sapphire Ventures. We’re disrupting the $28 billion market of IT operations management, fundamentally changing how IT teams support the business through infrastructure management.

As one of Forbes’ Top Cloud Computing Companies to Work For, our mission is to simplify and transform IT operations. OpsRamp is an IT operations management (ITOM) platform that allows enterprise IT teams and managed service providers to control the chaos of modern digital infrastructure. We do this through hybrid discovery and monitoring, event and incident management, remediation, and automation, powered by AI. We help our enterprise and MSP customers avoid costly outages and performance issues that result in lost revenue and productivity.

It’s truly the dawn of a new era for a major market, and we’re in the center of it. Are you ready to join the future of IT operations?



Requirements

Required Experience – 5-10 years

• Strong knowledge of the OWASP Top 10, SANS Top 25, and WASC security standards, and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, Insecure Direct Object Reference, clickjacking, buffer overflows, etc.

• Experience in manual application penetration testing of web-based applications, thick-client applications, mobile applications, web services, APIs, DAST, SAST, etc.

• Should have performed manual mobile application penetration testing on platforms like Android, iOS, etc. – both client and server-side applications.

• Should have knowledge of risk rating standards like DREAD, CVSS, etc.

• Should have a good understanding of web application architecture and the secure development life cycle (SDLC), and experience in Java web application development.

• Experience in automated web application vulnerability scanners (e.g., AppScan, WebInspect, Acunetix, Burp Suite Pro, etc.) is desirable.

• Should have prepared audit reports and findings tracker sheets for applications.

• Should be used to researching the latest security best practices, reading up on new threats and vulnerabilities, and disseminating this information within the team as well as the organization.

• Perform black-box / grey-box external network VA/PT assessments following structured phases.

• SOC 2 Type 2, ISO 27001, PCI-DSS.

• Experience in security automation and security review in cloud infrastructure (AWS, Azure).

• Certification: OSCP (preferred), CEH, Security+, CCNA Security, etc.


Good to Have:

1. Knowledge of Cloud & Kubernetes security
2. Certification, if any
3. Source code review
4. Knowledge of scripting


Tags: Android APIs Application security Automation AWS Azure Burp Suite CEH Cloud CSRF CVSS DAST iOS ISO 27001 Java Kubernetes Monitoring OSCP OWASP Pentesting SaaS SANS Scripting SDLC SOC 2 SQL SQL injection Vulnerabilities XSS

Region: Asia/Pacific
Country: India