Senior Software Engineer - Cyber Security (6-9 yrs)

Job Title : Senior Software Engineer, Security

Job Location : India (Remote)

Work Experience : 6-9 Years

Responsibilities :

- Conduct threat modeling, architecture review, security code review, security assessment, PCI testing, penetration testing (web application, native application, web services, cloud-based services, and infrastructure assessments).

- Perform in-depth security review of new application features. This includes identifying security vulnerabilities (OWASP top ten, common issues in NVD, RCE), reviewing code in Java/JavaScript/Golang, verifying security posture through pen-test (using manual/automated techniques with tools from third parties.

- Perform cloud infrastructure security reviews; the primary focus will be on AWS and many of its common service components (EKS, Istio, S3, IAM, EC2, VPC).

- Document security best practices, develop tools, libraries, scripts or customize existing tools to automate security vulnerability detection and remediation.

- Identify gaps in existing cloud security architecture design/configuration and recommend changes (authentication, authorization, network segmentation, container configuration, bastion host setup).

- Partner with engineering and operation teams to integrate mitigation controls into continuous integration, delivery and deployment processes.

- Work on areas to develop security baseline for cloud, container, and application and integrate into the CI/CD pipeline.

- Implement security architecture, methods, and controls required to meet security, compliance, and audit requirements (PCI, NIST controls, SOC2).

Minimum Education & Experience Requirements :

- Requires a Bachelors degree in Computer Science, Information Assurance/Security, Cyber Security, Computer Engineering, Electrical Engineering, a related field, or a foreign equivalent.

- Must have 6 years of experience in the job offered or related occupation.

- Must have 4 years of experience in software security architecture and design review, Threat Modeling, Security Code Review, SDLC

- Best practices and mitigations for application security, AWS security, Penetration Testing, and in range of security technologies including VPC, IAM, KMS, etc. in AWS.