Senior Security Engineer
Bengaluru, India
Ivanti
Ivanti finds, heals and protects every device, everywhere – automatically – so employees can work better from anywhere.
Key Qualifications
- 6-8+ years of experience in web application security, SSDLC, Threat Modeling
- Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
- Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
- Passion for understanding and researching vulnerabilities and exploitation techniques
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of test automation frameworks and how they can be brought to bear for security QE
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
- Ability to work in a self-directed environment that is highly collaborative and cross-functional
- Educate application developers to enhance quality of security in the code
- Programming experience with Java web application & Python
- Knowledgeable regarding backend security topics such as secret management and service authentication
- Perform penetration tests and coordinate third-party vendor Pen Tests
- Rating the severity of defects and publishing comprehensive reports detailing associated risks and mitigations
Who you are
- Innate curiosity and ability to learn. Individuals should be confident in picking up new technologies and pivoting when the role requires, given the fast-paced agile development environment we support.
- Critical thinking and troubleshooting are paramount. Practical, creative solutions to difficult problems are key.
- Passion for security. We’re looking for people who genuinely care about working to create a secure product with modern, agile-facing practices.
You are an ideal candidate if you have
- B.S. Computer Science or similar combination of education and experience
- Deep software development experience (Java, iOS and Android APIs, Web, Python)
- Good communication skills
- Have an excellent working knowledge and ability to educate others on common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
- Have experience in web, database, information and/or infrastructure security
- Know and love learning about the latest security tools, infrastructure, and industry best practices
- Enjoy working across and being a resource for other engineers and sharing your knowledge of secure coding practices
- Experience in authentication and authorization: SAML, OAuth, LDAP, AD, etc.
- Sound understanding of app security vulnerabilities, defense techniques and security best practices, including language-specific security measures and present-day threats
- Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure)
- Experience with deploying and securing SaaS applications and cloud environments at scale
- Working experience with CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and microservices
- Coordinating bug bounty (VRP) programs and assisting with remediation
Responsibilities
- Develop a broad and deep technical understanding of products, services and architectures.
- Leverage this understanding to conduct architecture reviews, threat modelling and code reviews on web applications, mobile applications and other relevant services.
- Work with developers to refine security checkpoints in the development cycle that are based on industry-accepted security standards, and represent the Security Platform in development at various stages of the SDLC.
- Interpret security tools and penetration testing results to stakeholders, providing advice on vulnerability remediation and risk mitigation.
- Create relevant documentation and metrics for your stakeholders and business leaders and deliver these in a clear, concise manner.
- Research and maintain proficiency in attacker Tools, Techniques, Procedures and other security topics.
- Propose and develop training materials to help raise the security bar across the organization.
- Develop innovative and scalable tools, solutions, and processes to enhance product security operations.