Comnet Solutions - Senior Security Engineer (4-6 yrs)

About the job :

Secure the Future of Development : Senior Security Engineer

As we shift towards a hybrid development model, security remains at the core of everything we do.

We're looking for a Senior Security Engineer to lead security initiatives across our platforms, ensuring the highest level of protection for both traditional and cloud-based applications.

As a Senior Security Engineer, you'll play a critical role in ensuring that our applications are secure from design to deployment.

Your expertise will not only guide our security strategies but also empower our development teams to create resilient, secure applications.

We are looking for a security expert who is passionate about identifying potential security concerns, conducting both manual and automated testing, and working closely with our developers to integrate best security practices at every stage of the development lifecycle.

You'll also have a strong focus on automation, enabling more specialized manual testing by building robust automated security testing frameworks.

Key Responsibilities :

- Application Security Review : Conduct thorough security assessments of our custom web and mobile applications, identifying vulnerabilities across the stack (from frontend to backend, APIs, and databases).

- Automated Security Testing : Design, develop, and maintain automated security testing frameworks that help continuously scan and protect our applications against common and advanced security threats.

- Manual Penetration Testing : Perform deep-dive manual testing to uncover security risks that cannot be caught by automated tools.

- Collaborate with Development Teams : Work closely with our development teams to ensure security is integrated into the development lifecycle, from design to deployment.

- Provide actionable recommendations to address vulnerabilities and improve security posture.

- Security Tools & Expertise : Leverage industry-standard security tools (e.g, Burp Suite, OWASP ZAP, Metasploit, etc.) to perform vulnerability scanning, penetration testing, and code reviews.

- Continuous Improvement : Proactively stay up-to-date with the latest security trends, threats, and tools, ensuring that our security practices evolve with the changing landscape.

- Security Automation : Identify areas for security automation and lead initiatives to reduce manual testing where possible, allowing more focus on complex, specialized security issues.

- Security Awareness : Educate development and project teams on security best practices and cultivate a security-first mindset across the organization.

- Compliance & Best Practices : Ensure compliance with security standards, regulations, and best practices for secure software development (e.g, OWASP, ISO/IEC 27001, etc.

What We're Looking For :

- Expertise in Web & Mobile Security : Strong background in securing custom web and mobile applications, including knowledge of vulnerabilities (e.g, XSS, CSRF, SQL Injection, authentication flaws) and how to protect against them.

- Automation Proficiency : Experience in automating security testing processes using tools and scripting, enabling faster, scalable security checks without sacrificing quality.

- Manual Testing Skills : High-level expertise in manual penetration testing, capable of identifying issues that cannot be caught by automated tools.

- Toolset Mastery : Proficiency with security tools such as Burp Suite, OWASP ZAP, Metasploit, Kali Linux, and familiarity with scripting (Python, Bash) for automation tasks.

- Collaborative Mindset : Strong communication skills and the ability to work closely with development teams to implement security solutions in a collaborative and supportive way.

- Security Frameworks & Compliance : Deep understanding of security frameworks such as OWASP, NIST, and experience ensuring that software adheres to best practices in security and compliance