SDE II - Application Security
Bengaluru/Mumbai
Upstox
Trade & Invest in stocks, SIPs, IPOs, Mutual funds, F & O and more on NSE & BSE. Join 1.3 Cr+ for a hassle-free trading experience on Upstox!
About the company
Upstox is one of India's leading Fin-Tech companies with a mission to simplify trading & investing to make it easily accessible to the masses. From new investors to seasoned traders, we aim to enable everyone to invest across multiple categories with our state-of-the-art trade & investment platform and commission-free pricing. We offer numerous asset categories to invest in, like Stocks, Digital Gold, IPOs, Mutual Funds, and more. By focusing on our customers' needs and equipping them with personalized yet powerful tools, we witnessed a steep growth of 800% in our customer base from 25 Thousand in 2017 to 2 Lakh in 2019. With 1500% growth in 2020, currently, over 4 million customers trust us with their investment decisions, thus setting us on the course to become an industry leader in the country. The company was founded in 2009 by Ravi Kumar and Shrinivas Viswanath, and in 2016 Kavitha Subramanian joined as the third co-founder. Backed by Ratan Tata, we raised $4 million in Series A funding (2016) led by Kalaari Capital. In 2019, US-based investment firm Tiger Global Management invested $25 million in a Series B funding round. Visit our LinkedIn page to learn more about us.
Role: SDE II - Application Security
Responsibilities:
1) Design, develop, and maintain tools and web applications to automate security tasks and improve security measures across the organization.
2) Develop and integrate security automation tools and processes into the CI/CD pipeline to ensure continuous security testing and compliance.
3) Create threat models to identify the risks and implement controls to reduce the risks.
4) Conduct security architecture / design reviews to identify and fix issues in our applications and infrastructure.
5) Develop and maintain security testing plans.
6) Review source code for potential security issues. Perform vulnerability assessment and penetration testing, and prioritize the vulnerabilities.
7) Develop PoC/exploits for identified vulnerabilities and assist the engineering team in addressing them.
8) Solve complex vulnerabilities such as business logic flaws and articulate them to both technical and non-technical partners.
9) Build and maintain relationships with key stakeholders and business partners.
Required skills and experience:
1) 3 to 6 years of experience with deep technical knowledge and hands-on skills in Application Security. Deep understanding of web application security threats, exploits, and prevention (SQL Injection, XSS, CSRF, platform hardening, etc.).
2) Development experience in one or more programming languages (e.g., Python, Go, Node.js). Experience in building security tools.
3) Experience in implementing security controls on Kubernetes (K8s), multi-tier cloud environments, WAF, Bot manager, web and mobile applications.
4) Experience in implementing cryptographic controls to secure sensitive data. Experience in implementing SAST controls within CI/CD pipelines.
5) Experience with Red team exercises, threat hunting, OSINT.
6) Experience with mobile security testing; familiarity with Selenium and Appium automation is an added advantage.
7) Ability to accurately estimate effort, set and meet deadlines.
8) Good communication and presentation skills.
9) Ability to influence others without direct managerial authority.
10) Experience in Financial Services or Fintech is a plus.
11) Hands-on / ready to roll up your sleeves and get stuff done.

Upstox is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or other characteristics.
Category: AppSec Jobs
Tags: Application security, Automation, CI/CD, Cloud, Compliance, CSRF, Exploits, FinTech, Kubernetes, Mobile security, Node.js, OSINT, Pentesting, Python, Red team, SAST, Selenium, SQL, SQL injection, Vulnerabilities, XSS
Region: Asia/Pacific
Country: India