Product Security Engineer - SAST/DAST (7-10 yrs)

Our technology services client is seeking multiple Product Security Engineer to join their team on a contract basis.

These positions offer a strong potential for conversion to full-time employment upon completion of the initial contract period.

Below are further details about the role :

Role : Product Security Engineer.

Key Skills : Cyber Security, SAST, DAST, SCA, Vulnerability Management, Web Applications.

Experience : 7 -10 Years.

Location : Bangalore.

Notice Period : Immediate Only.

Job Description :

Product Security Representative :

- Providing privacy and security technical expertise supporting the product team throughout product development, design change, and life-cycle management.

- Work with the Product Security Leader (PSL) to support the product team with process expertise for Healthcare Product Cybersecurity Standards and life-cycle management.

Product cybersecurity development responsibilities :

- Assess the privacy and cybersecurity state of the product and define product roadmap features/ enhancements with stakeholder approval.

- Responsible for security architecture and coordination of product development for cybersecurity features and enhancements.

- Assess product components and SBoM are integrated into the product.

- Perform defect management for cybersecurity issues.

- Identify operational responsibilities and adherence to cloud standards for cloud-based products.

- Responsible for Product and Security Manual and MDS2 documentation.

- In coordination with the PSL, own and deliver Product Cybersecurity.

Standard artefacts, which include :

- Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs.

- Create Design Engineering Privacy and Security (DEPS) artefacts for privacy and security risk assessments to engage in domain-specific product threat modelling, attack surface analysis, risk management and reduction.

- Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments.

Lead product Security Technical Design Reviews :

- Along with the product Lead System Designer (LSD), responsible for the Product Cybersecurity Standard compliance and other pertinent standards and processes.

- The released products shall comply with the required regulatory standards & compliance (like FDA, HIPPA, GDPR etc.)

Works with the Product Security team and Quality Assurance & Regulatory Assurance (QARA) on released product life cycle, including :

- Participate in post-market product vulnerability monitoring.

- Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.

- Responsible for product vulnerability mitigation and design change.

- Responsible for vulnerability tool updates to ensure accurate customer communication.

- Address customer and Sales RFP privacy and security feedback/questions.

- Provide technical expertise on customer concerns, complaints, and CSO escalations.

- Create/ Maintain responsible product records within product cybersecurity tools.

Mandatory Soft Skills :

- Should be able to contribute as an individual contributor.

- Should be able to execute his/her responsibility independently.

- Focus on self-planning activities.

- Firm with communication skills.

Mandatory Skills :

Security Engineering :

- Globally recognised Cyber Security Certifications (Advanced/Expert Level).

- Firm with knowledge of OWASP, CVSS, FIPS 140-2/140-3 and DoD RMF.

- 7+ years of full-time information security with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box secure code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.

- The Candidate shall be capable of finding risks/issues and suggesting the best route to remediation, knowing the compensatory controls & guiding the product team for its closure.

- Sound understanding of security technologies/techniques like Cryptography, Algorithms, Public key Infrastructure (PKI), Certificate Authority (CA)

- Hardware/embedded authentication, OAuth, 2-factor authentication, and white-box code analysis.

- Experience with a range of security tools related to SAST (Static Application Security Assessment),.

- DAST (Dynamic Application Security Assessment), Vulnerability Management, SCA (Software Composition Analysis),.

- Penetration Testing Web Applications, Thick Clients, Mobile Applications, REST/SOAP.

- Threat Modelling Tools etc.

- Standard Software Engineering.

- Experience in Micro Services using RESTful frameworks.-