Senior Information Security Engineer (Application Security)

About the job

Who are we and What do we do?

InMobi Group’s mission is to power intelligent, mobile-first experiences for enterprises and consumers. Its businesses across advertising, marketing, data and content platforms are shaping consumer experience in a world of connected devices. InMobi Group has been recognized on both the 2018 and 2019 CNBC Disruptor 50 list and as one of Fast Company’s 2018 World’s Most Innovative Companies.

What’s the InMobi family like?  

Consistently featured among the “Great Places to Work” in India since 2017, our culture is our true north, enabling us to think big, solve complex challenges and grow with new opportunities. InMobians are passionate and driven, creative and fun-loving, take ownership and are results focused. We invite you to free yourself, dream big and chase your passion.

What do we promise?

We offer an opportunity to have an immediate impact on the company and our products. The work that you shall do will be mission critical for InMobi and will be critical for optimizing tech operations, working with highly capable and ambitious peer groups. At InMobi, you get food for your body, soul, and mind with daily meals, gym, and yoga classes, cutting-edge training, and tools, cocktails at drink cart Thursdays and fun at work on Funky Fridays. We even promise to let you bring your kids and pets to work.

What does the team do?

Opportunity is part of the evolving cyber security group which is laser focussed on setting up industry benchmarks in managing & guarding against digital risks in a “Cloud Native - DevOps Only” environment. It is a lean-mean-special action group where every cyber sentinel gets an opportunity to work across domain, has an independence to challenge status quo & evolve cyber practices to next level of maturity. Our core competencies revolve around “Product & Platform security” , “Cloud Native Risk Management” and “Detection & Response”.

What you will be doing?

• Conduct Vulnerability Assessments, Penetration Testing, and source code review.
• Automate Technical tasks in CI/CD through use of APIs or and tools.
• Perform application source code security reviews for APIs, middle ware, frontends in Java, Python, Node.JS etc.
• Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Web, iOS, Android and cloud platform.
• Perform SAST & DAST and improve SDLC.
• Develop solution architecture and blueprints based on business technology and security objectives.
• Research and maintain secure coding guidelines.
• Perform Security Architecture and Low-Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security and Network Security.
• Collaborate with product teams to build secure products and achieve cybersecurity objectives of InMobi.
• Maintain active understanding of industry practices for secure software development and incident response.

What is expected out of you?

• Zealous to un-learn & re-learn cyber security practices in a “Cloud Native- DevOps Only” environment.
• 3-6 years years’ experience in application security, penetration testing, DevSecOps.
• Mindset to standardize & maximise automation in CI/CD pipeline.
• Excellent skills with application security testing tools such as: Burpsuite, OWASP ZAP, SQLMap, Kali, etc.
• Experience with scripting languages such as: Python, bash, PowerShell etc.
• Knowledge of Kubernetes and Docker containers.
• Knowledge of OWASP Top 10 and SANS Top 25.
• Red Teamer with proven skills in exploitation.
• Strong understanding of security fundamentals and general security technologies.
• Ability to balance & prioritize between strategic & tactical outcomes.
• Ability to operate, decide & evolve in ambiguous situations.
• Curiosity to learn & adopt emerging technologies.
• Strong interpersonal skills as well as excellent written and verbal communication skills.
• Self-motivated and individual contributor.
• Agile practitioner.
• Excellent oral and written communications skills and a good team player.
• Bug bounties, responsible disclosure awards & Hall of Fame are strongly preferred.
• Certifications such as GWAPT, Offensive Security Certified Professional (OSCP), OSCE or GIAC Penetration Testing (GPEN) are strongly preferred.

Why Join Us?

You will contribute to creating disruptive and innovative consumer experiences using technology. We value autonomy, collaboration, technical innovation, and results-oriented thinking. InMobi’s culture is all about rewarding excellence so there are fantastic opportunities for the right candidates.