Application Security Engineer - 2

Mumbai

Applications have closed

Upstox

Start Trading in Share Market, SIP, IPOs, Mutual Fund, Indices and Commodity at Upstox.com with hassle free process. We provide real time BSE, NSE, MCX, and NCDEX live price and market updates. Trade Now!

About the company 

Upstox is one of India's leading Fin-Tech companies with a mission to simplify trading & investing to make it easily accessible to the masses. We aim to enable everyone, from new investors to seasoned traders, to invest across multiple categories with our state-of-the-art trade & investment platform and commission-free pricing. We offer numerous asset categories to invest in, like Stocks, Digital Gold, IPOs, Mutual Funds, and more.   

Our mission is simple - to break down the complexities of investing and make it more effortless, accessible, affordable, and easy for the masses to adopt. This key principle when infused with intuitive design and leading-edge technology will help us empower every Indian to take control of their investments.  

Role: Application Security Engineer - 2

The Application Security Engineer plays a crucial role in ensuring the security and privacy of Upstox’s applications. They are responsible for performing activities related to security and privacy by design, integrating security controls throughout the Software Development Life Cycle (SDLC), and establishing, implementing, monitoring, reviewing, and improving a suitable set of controls to prevent threats to the security of our applications and information assets. The job holder is responsible for ensuring that the organization's business objectives are met while maintaining the security and integrity of its applications and information.

Essential Duties and Responsibilities:

- Requires 3-5 years of experience in web and mobile application security vulnerability assessment and penetration testing.
- Conduct penetration testing for both thin and thick client-based applications.
- Utilize attack simulations to exploit security flaws and vulnerabilities across multiple applications on Android and iOS platforms.
- Develop proof-of-concept (PoC) exploits for identified vulnerabilities.
- Perform comprehensive security testing of web, mobile (Android and iOS), and API applications.
- Prepare detailed test reports outlining vulnerabilities and recommendations for remediation.
- Collaborate with developers to provide PoC support and guidance on vulnerability mitigation.
- Conduct security code reviews for in-house applications.
- Provide remediation guidance for identified vulnerabilities.
- Address complex vulnerabilities such as business logic flaws and communicate effectively with both technical and non-technical partners.

Job Requirements:

- Possesses excellent communication and presentation skills, able to convey complex ideas and information effectively to both technical and non-technical audiences.
- Takes initiative and demonstrates a proactive, results-oriented approach to work, always looking for ways to improve processes and deliver value to the organization.
- Has a positive 'can-do' attitude and is highly motivated to succeed, consistently demonstrating resilience and determination in the face of challenges.
- Has hands-on development experience in one or more of the following technologies: Python, Node/JavaScript, Java, GoLang, PHP, with a strong understanding of coding best practices and design patterns.
- Has experience with Red team exercises, threat hunting, OSINT, and is familiar with common attack techniques and tools used by adversaries.
- Has experience in Threat Modeling and is able to identify and mitigate security risks and vulnerabilities in software systems and applications.
- Has experience in building security tools and utilities to automate security tasks and streamline workflows, with a focus on code quality, reliability, and maintainability.
- Has a strong understanding of the OWASP Top 10 and other common web application vulnerabilities, and is able to apply this knowledge to develop effective security controls and countermeasures.
- Is a team player with good interpersonal skills and is able to work collaboratively with others to achieve common goals, while also being able to work independently with minimum supervision in a complex Infrastructure environment.
- Understands Security Architecture Review and is able to assess the security posture of complex systems and networks, identify potential security gaps, and recommend appropriate security controls and mitigations.



If you fit the above description, we would love to connect with you! APPLY NOW

A basic requirement but one that many forget: Make sure you go through our website, download our app and give us feedback!


Upstox is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or other characteristics.

Tags: Android APIs Application security Exploit Exploits Golang iOS Java JavaScript Monitoring OSINT OWASP Pentesting PHP Privacy Python Red team SDLC Vulnerabilities

Perks/benefits: Team events

Region: Asia/Pacific
Country: India
