Home
Communities
Companies
- Companies
  
  Discover best places to work
- Compare Companies
  
  Compare & find best workplace
- Add Office Photos
  
  Bring your workplace to life
- Add Company Benefits
  
  Highlight your company's perks
Reviews
- Company reviews
  
  Read reviews for 6L+ companies
- Write a review
  
  Rate your former or current company
Salaries
- Browse salaries
  
  Discover salaries for 6L+ companies
- Salary calculator
  
  Calculate your take home salary
- Are you paid fairly?
  
  Check your market value
- Share your salary
  
  Help other jobseekers
- Gratuity calculator
  
  Check your gratuity amount
- HRA calculator
  
  Check how much of your HRA is tax-free
- Salary hike calculator
  
  Check your salary hike
Interviews
- Company interviews
  
  Read interviews for 40K+ companies
- Campus placements
  
  Interviews questions for 2K+ colleges
- Share interview questions
  
  Contribute your interview questions
Jobs
Awards

WINNERS AWAITED!
- ABECA 2025
  
  WINNERS AWAITED!
  
  AmbitionBox Employee Choice Awards - 4th Edition
- ABECA 2024
  
  AmbitionBox Employee Choice Awards - 3rd Edition
- AmbitionBox Best Places to Work 2022
  
  2nd Edition
- AmbitionBox Best Places to Work 2021
  
  1st Edition

For Employers

Add office photos

Employer? Claim Account for FREE

Cashfree Holiday Planners

Compare

No reviews yet

59 Cashfree Holiday Planners Jobs

Security Engineer-2

CASHFREE HOLIDAY PLANNERS

3-7 years

Bangalore / Bengaluru

1 vacancy

Security Engineer-2

Cashfree Holiday Planners

posted 5d ago

Job Role Insights

Key skills for the job

Medical Coding Python SQL Automation Testing Ruby Rails Application Security

+ 3 more

Job Description

Responsibilities:

Examine the products in detail to discover vulnerabilities and collaborate with the other security engineers to practically demonstrate the exploitability and risk factors.
Be on the forefront of emerging vulnerabilities/threats that could affect Cashfree products through independent research and study.
Engage with the developers in developing workarounds/mitigation plans and ensure they are implemented per policy.
Threat Modelling: Engage with the development teams to conduct secure design reviews/threat modeling exercise to enumerate threats and mitigation strategies.
Enable the developers with knowledge of threat modeling by conducting focused workshops.
Secure Coding: Priorities critical defects and ensure these are identified and mitigated during the sprint.
Integration and automation of SAST in the DevOps pipeline.
Build secure coding principles and propagate them across the development community.
Be the to-go person for developers in solving critical issues relating to secure product development.
Build and enhance secure coding / security assessments training contents for developers and QA team.
Deliver training programs at various levels in the organizations.
Conduct workshops/security tech-talks to disseminate security knowledge and awareness. Qualifications.
Good knowledge in multiple classes of vulnerabilities that includes cross-site scripting, SQL Injection, CSRF, cryptographic related weakness, and code injection.
Good knowledge of any programming/scripting languages such as Java, Ruby, and Python.
Good knowledge relating to services/technology relating to the cloud.
Ability to automate security testing and improve productivity in security assessments.
Ability to communicate and interpret security vulnerabilities to various audiences such as development and management teams.

Requirements:

You have great interpersonal skills, deep technical ability, and a history of successful execution in the assessments industry. If you enjoy discussing anything from procedural linking tables in kernels to remote code execution in JVMs, then we want you on the team.
Familiarity with industry-standard threat modeling, risk modeling, and vulnerability classification.
Experience with pre-assessment architectural and API analysis to scope and prepare white-box and grey-box assessments.
Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle and QA processes
B. Tech. in Computer Science, Electrical, or Computer Engineering, or equivalent work experience as a software engineering or security practitioner.
3+ years of relevant engineering or security assessment experience, experience in application security.
Possess a broad knowledge of attack vectors, exploits, and mitigations that work at scale or may be linked together for chained attacks.
Experience with Java, Go, Python, or Node.js (bonus points for more than one).
Experience with assessing Cloud-native services, service meshes, and K notes-platform-based micro-services.
Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to complete pen-test tasks.
Be able to think both offensively (like a hacker) and defensively (evaluating product security and design)