SDE II - Application Security
Bengaluru/Mumbai
Upstox
Start Trading in Share Market, SIP, IPOs, Mutual Fund, Indices and Commodity at Upstox.com with hassle-free process. We provide real time BSE, NSE, MCX, and NCDEX live price and market updates. Trade Now!
Upstox is one of India's leading Fin-Tech companies with a mission to simplify trading & investing to make it easily accessible to the masses. From new investors to seasoned traders, we aim to enable everyone to invest across multiple categories with our state-of-the-art trade & investment platform and commission-free pricing. We offer numerous asset categories to invest in, like Stocks, Digital Gold, IPOs, Mutual Funds, and more.
By focusing on our customers’ needs and equipping them with personalized yet powerful tools, we witnessed a steep growth of 800% in our customer base from 25 Thousand in 2017 to 2 Lakh in 2019. With 1500% growth in 2020, currently, over 4 million customers trust us with their investment decisions, thus setting us on the course to become an industry leader in the country.
The company was founded in 2009 by Ravi Kumar and Shrinivas Viswanath, and in 2016 Kavitha Subramanian joined as the third co-founder. Backed by Ratan Tata, we raised $4 million in Series A funding (2016) led by Kalaari Capital. In 2019, US-based investment firm Tiger Global Management invested $25 million in a Series B funding round. Visit our LinkedIn page to learn more about us.
Role: SDE II - Application Security
Responsibilities:
1) Design, develop, and maintain tools and web applications to automate security tasks and improve security measures across the organization.
2) Develop and integrate security automation tools and processes into the CI/CD pipeline to ensure continuous security testing and compliance.
3) Create threat models to identify the risks and implement controls to reduce the risks.
4) Conduct security architecture / design reviews to identify and fix issues in our applications and infrastructure.
5) Develop and maintain security testing plans.
6) Review source code for potential security issues. Perform vulnerability assessment and penetration testing, and prioritize the vulnerabilities.
7) Develop PoC/exploits for identified vulnerabilities and assist the engineering team in addressing them.
8) Solve complex vulnerabilities such as business logic flaws and articulate them to both technical and non-technical partners.
9) Build and maintain relationships with key stakeholders and business partners.
Required skills and experience:
1) 3 to 6 years of experience with deep technical knowledge and hands-on skills in Application Security. Deep understanding of web application security threats, exploits, prevention (SQL Injection, XSS, CSRF, platform hardening, etc.).
2) Development experience in one or more programming languages (e.g., Python, Go, Node.js). Experience in building security tools.
3) Experience in implementing security controls on Kubernetes (K8s), multi-tier cloud environments, WAF, Bot manager, web and mobile applications.
4) Experience in implementing cryptographic controls to secure sensitive data. Experience in implementing SAST controls within CI/CD pipelines.
5) Experience with Red team exercises, threat hunting, OSINT.
6) Experience with mobile security testing; familiarity with Selenium and Appium automation is an added advantage.
7) Ability to accurately estimate effort, set and meet deadlines.
8) Good communication and presentation skills.
9) Ability to influence others without direct managerial authority.
10) Experience in Financial Services or Fintech is a plus.
11) Hands-on and ready to roll up sleeves and get stuff done.
Upstox is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or other characteristics.
Tags: Application security, Automation, CI/CD, Cloud, Compliance, CSRF, Exploits, FinTech, Kubernetes, Mobile security, Node.js, OSINT, Pentesting, Python, Red team, SAST, Selenium, SQL, SQL injection, Vulnerabilities, XSS