Application Security Engineer
Bengaluru
Applications have closed
Bazaarvoice
Bazaarvoice enables brands and retailers to leverage the voice of the customer, manage user-generated content at scale, and engage shoppers from discovery to purchase.
The problem we are trying to solve: Brands and retailers struggle to make real connections with consumers. It's a challenge to deliver trustworthy and inspiring content in the moments that matter most during the discovery and purchase cycle. The result? Time and money spent on content that doesn't attract new consumers, convert them, or earn their long-term loyalty.
Our brand promise: closing the gap between brands and consumers.
Founded in 2005, Bazaarvoice is headquartered in Austin, Texas with offices in North America, Europe, Asia and Australia.
It’s official: Bazaarvoice is a Great Place to Work in the US!
Bazaarvoice is looking for an Application Security Engineer to be a key member of the Security team and ensure that the Bazaarvoice applications and services are built using security best-practices standards. An Application Security Engineer at Bazaarvoice is expected to understand the web application inner workings, be strong in multiple domains of security, and work closely with both technical and non-technical staff to guide, monitor, assess, and improve the security posture of Bazaarvoice applications.
What you'll be doing:
- Perform vulnerability assessment of applications using a variety of security tools such as Burp Suite, web-debugging proxies, dynamic application security testing (DAST) software, static application security testing (SAST) software and other automated or manual testing techniques
- Conduct security architecture reviews of the cloud environments and the application stack including Bazaarvoice-owned web and mobile applications
- Triage findings from security software and provide remediation guidelines to software developers and other asset owners
- Collaborate with internal development teams to ensure the applications meet security and compliance requirements
- Investigate and respond to security incidents and identify root causes. Recommend or implement appropriate solutions and preventative measures
- Develop or integrate tools to improve security testing and detection of common web attack and misuse events
- Build automation tools for security processes in the software development lifecycle (SDLC)
- Document security processes and procedures
- Work on complex projects independently and collaborate with a team
- Act as a Security Team representative with other internal groups, vendors, and customers
- Embrace a culture of continuous service improvement and service excellence
- Stay current on security industry trends, research and become involved in the broader Security community
Necessary skills and experience:
- Bachelor’s degree in Computer Science or Engineering; or equivalent training, education, and/or work experience
- 4+ years of experience in Software Development, QA Engineering or Application Security
- Proficient with AppSec tools (such as SonarQube) and pen testing tools (such as Burp Suite, ZAP, Metasploit)
- Strong understanding of common web vulnerabilities including OWASP Top 10
- Strong understanding of common web application attacks and attacks against cryptographic algorithms
- Experience with writing code, scripting, and automation
- Knowledge of Cloud environments (AWS, GCP and/or Azure) and development integration tools and technologies (CI/CD)
- The ability to triage and handle or escalate security issues independently
- Experience in troubleshooting, auditing, and performing forensic analysis
- Good documentation and note-taking skills
- Strong sense of ownership, urgency, and drive
- Ability to build partnerships and get results
- Ability to be sensitive to the requirements of business owners (engineering, product, and sales) and clients and balance business needs against security standards and protocols
- Experience in a service or support-oriented role – our people are our most vital assets
- A hunger to learn how to be a well-rounded application security engineer and learn new skills and technologies out of their comfort zone
Nice to have:
- Security Certifications like CISSP/SANS GIAC/OSCP/CEH/Security+
- Demonstrated innovative projects
Transparency & Integrity Builds Trust
We believe in the power of authentic feedback because it’s in our DNA. We do the right thing when faced with hard choices. Transparency and trust accelerate our collective performance.
Passionate Pursuit of Performance
Our energy is contagious, because we hire for passion, drive & curiosity. We love what we do, and we’re laser focused on our mission.
Innovation over Imitation
We seek to innovate as we are not content with the status quo. We embrace agility and experimentation as an advantage.
Stronger Together
We bring our whole selves to the mission and find value in diverse perspectives. We champion what’s best for Bazaarvoice before individuals or teams. As a stronger company we build a stronger community.
Commitment to diversity and inclusion
Bazaarvoice provides equal employment opportunities (EEO) to all team members and applicants according to their experience, talent, and qualifications for the job without regard to race, color, national origin, religion, age, disability, sex (including pregnancy, gender stereotyping, and marital status), sexual orientation, gender identity, genetic information, military/veteran status, or any other category protected by federal, state, or local law in every location in which the company has facilities. Bazaarvoice believes that diversity and an inclusive company culture are key drivers of creativity, innovation and performance. Furthermore, a diverse workforce and the maintenance of an atmosphere that welcomes versatile perspectives will enhance our ability to fulfill our vision of creating the world’s smartest network of consumers, brands, and retailers.
Tags: Application security Audits Automation AWS Azure Burp Suite CEH CI/CD CISSP Cloud Compliance Computer Science DAST GCP GIAC Metasploit OSCP OWASP Pentesting SANS SAST Scripting SDLC SonarQube Vulnerabilities
Perks/benefits: Team events