Senior Application Security Engineer - DevSecOps (3-5 yrs)
Pravdaa People
posted 20d ago
Flexible timing
Eligibility Criteria :
Years of Experience : 3 to 5 years in software application security.
Educational Qualification : Bachelor's degree in engineering.
Job Summary :
We are seeking a skilled and dedicated Software Application Security Engineer to join our team.
The ideal candidate will be responsible for ensuring the security of our software applications by identifying vulnerabilities, implementing security measures, and continuously monitoring for potential threats.
This role requires a deep understanding of security protocols, software development, and the ability to work collaboratively with development teams to integrate security best practices throughout the software development lifecycle.
Primary Responsibilities :
- Develop sandboxes or build environments to build the code with the latest patches or library references.
- Conduct security assessments and high-level reviews of libraries or references to identify vulnerabilities.
- Develop and implement security measures and CI tools like SonarQube / Black Duck to protect software applications.
- Collaborate with development teams to integrate security best practices.
- Interact with the QA team to automate the testing of applications with minor fixes and upgrades.
Mandatory Skills :
- Experience with DevSecOps practices.
- Familiarity with Information/Application security, regulatory requirements and compliance standards.
- Experience in using DevOps tools including JIRA, source control tools like Bitbucket, Git and Azure Repos, quality scanning tools like SonarQube, vulnerability scan tools like Black Duck, etc.
- Experience in using build management tools like Jenkins, MSBuild, etc. and in CI/CD / DevOps pipeline creation and maintenance.
- Experience in dealing with open-source libraries, their vulnerable versions and upgrade plans.
- Experience in identifying and implementing replacements for outdated/vulnerable open-source libraries, DLLs, software technology versions etc.
- Experience with both Windows and Linux OS and their commands.
- Experience with VMware or other hypervisors and with deploying applications on them.
- Basic knowledge of programming languages like C, C++, Python, Java and C# to the extent of compiling them, creating builds, identifying compilation/build issues, validating successful builds.
- Awareness of the testing practices followed, and experience working in collaboration with the testing team.
Desirable Skills :
Proficiency in Security Tools : Familiarity with tools like OWASP, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and vulnerability scanners.
Security Frameworks and Standards : Knowledge of security frameworks like NIST, ISO 27001, and compliance standards such as GDPR, HIPAA.
Penetration Testing : Ability to conduct penetration tests to identify and exploit vulnerabilities in applications.
Communication and Collaboration : Strong ability to communicate security concepts to nontechnical stakeholders and work collaboratively with development teams.
Continuous Learning : Staying updated with the latest security trends, threats, and technologies.
Certifications : Relevant certifications such as CISSP, CEH, OSCP, or similar can be advantageous.
Functional Areas: Other
Bangalore / Bengaluru