Security Engineer

Bangalore, India

Full Time Senior-level / Expert USD 107K - 149K *
Ivanti logo

Ivanti

Ivanti provides solutions for IT asset management, IT service management, endpoint security, supply chain management & more. Discover the power of unified IT management when you get in touch with us today.

View all employer listings

Apply now Apply later

Key Qualifications

  • 8+ years of experience in web application security, SSDLC, Threat Modeling
  • Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
  • Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
  • Passion for understanding and researching vulnerabilities and exploitation techniques
  • Knowledge of development and integration tools and technologies (e.g. CI/CD)
  • Knowledge of test automation frameworks and how they can be brought to bear for security QE
  • Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc)
  • Ability to work in a self directed environment that is highly collaborative and cross functional
  • Educate application developers to enhance quality of security in the code
  • Programming experience with Java web application & Python
  • Knowledgeable regarding backend security topics such as secret management and service authentication
  • Perform penetration tests and coordinate third-party vendor Pen Tests
  • Rating the severity of defects and publishing comprehensive reports detailing associated risks and mitigations

 

Who you are

  • Innate curiosity and ability to learn. Individuals should be confident in picking up new technologies and pivoting when the role requires, given the fast-paced agile development environment we support.
  • Critical thinking and troubleshooting are paramount. Practical, creative solutions to difficult problems are key.
  • Passion for security. We’re looking for people who genuinely care about working to create a secure product with modern, agile facing practices.

 

You are an ideal candidate if you have

  • B.S. Computer Science or similar combination of education and experience
  • Deep software development experience (Java, iOS and Android APIs, Web, Python)
  • Good communication skills
  • Have an excellent working knowledge and ability to educate others on common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
  • Have experience in web, database, information and/or infrastructure security
  • Know and love learning about the latest security tools, infrastructure, and industry best practices
  • Enjoy working across and being a resource for other engineers and sharing your knowledge of secure coding practices
  • Experience in authentication and authorization: SAML, OAuth, LDAP, AD, etc
  • Sound understanding of app security vulnerabilities, defense techniques and security best practices, including language-specific security measures and present-day threats
  • Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure) 
  • Experience with deploying and securing SaaS applications and cloud environments at scale
  • Working experience with CI/CD pipeline, containerization (Kubernetes, Docker, etc) and MicroServices
  • Coordinating bug bounty (VRP) programs and assisting with remediation

 

Responsibilities

  • Develop a broad and deep technical understanding of products, services and architectures.
  • Leverage this understanding to conduct architecture reviews, threat modelling and code reviews on web applications, mobile applications and other relevant services.
  • Work with developers to refine security checkpoints in Development cycle that are based on industry-accepted security standards and represent Security Platform in development at various stages of SDLC.
  • Interpret security tools and penetration testing results to stakeholders, providing advice on vulnerability remediation and risk mitigation.
  • Create relevant documentation and metrics to your stakeholders and business leaders and deliver these in a clear, concise manner.
  • Research and maintain proficiency in attacker Tools, Techniques, Procedures and other security topics.
  • Propose and develop training materials to help raise the security bar across the organization.
  • Develop innovative and scalable tools, solutions, and processes to enhance product security operations.

 

* Salary range is an estimate based on our salary survey at salaries.infosec-jobs.com
Job region: Asia/Pacific
Job country: India
Job stats:  6  0  0
  • Share this job via
  • or

Other jobs like this

Explore more Cyber Security career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.