Application & Product Security Lead

Key Skills: Product Security, Application Security Testing, Secure SDLC, Secure code review, Application Security, Threat Modeling, OWASP Top10 , Years of Experience: 5-8 years
Does this sound like you

You enjoy solving challenging technical problems.

• You have an experience that shows breadth and depth of security knowledge. You

  are strong in multiple domains of software security.

• You know how to work as a partner with product teams and give them the advantage

  of your security experience.

• You recognize, adopt, use, and recommend best practices in security engineering.

• You work ceaselessly to improve your knowledge of the security threat landscape and

  of technologies that enable new forms of attack and defense.

• You are an effective communicator who engages well with technical and

  non-technical audiences alike.

  Skills that you would need:

• Ability to implement and drive information and data security initiatives for MoEngage SaaS Application.

• Understanding of security by design principles and architecture level security concepts and ability to promote secure design principles and a security-focused outlook across a large organization.

• Exposure to multiple security engineering disciplines such as application security, secure software development, cryptography, network security, system security, and security policy.

• Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25

• The desire to solve security challenges at scale, and work on securing the next generation of applications powering the most sophisticated customer engagement platform ever built.

• Experience in providing practical solutions that enable product and architecture teams to meet business goals while controlling security risk.

• Ability to solve problems at their root and step back to understand the broader context.

• Deep understanding of the interplay between attack and defense. Familiarity with current network security and application security tools and how to apply them.

• Good understanding of information security policies, practices, and standards.

As a Security Lead, you will:

• Drive various application security initiatives to perform end-to-end security reviews to ensure critical information is appropriately protected. Identify security vulnerabilities and risks, and develop mitigation plans.

• Provide security architecture and design consultations to product teams, to help them build applications that are secure from the start.

• Promote secure design principles and a security-focused outlook across a large organization.

• Evaluate and recommend new and emerging security technologies for use inside and outside the security organization.

• Produce creative and inventive solutions for large problems. Participate in projects that develop new intellectual property.

• Be an advocate for customer trust.

• Perform regular VA/PT for web, API and SDK

• Identify process gaps in our application security pentesting and vulnerability

  Management.

• Own and implement recommendations and fixes.

  Requirements:

• Bachelors degree in computer science, computer engineering.

• 5 to 8 years of experience in the application security domain.

• Detailed technical knowledge and conceptual understanding of Application Security

  Concepts, tools and practices.

• Exposure of medium to advanced level of hands on implementation of SAST, SCA

  tools

• Good to have experience in Secure Code Assessment, Dynamic Assessment,

  Software Composition Analysis and risk identification.

• Good to have experience in security vulnerability assessments and remediation

  techniques.

• Thorough understanding of OWASP Top 10, their attack & defense mechanisms

  (XSS, SQLi, CSP, CORS, SSRF)

• Understanding of different AuthN/AuthZ frameworks ( oAuth, SAML)

• Should be familiar with common tools (Postman, Burpsuite, etc )