ElementSkill

Team Lead - Applications Security Engineering

Job Location

Pune, India

Job Description

Key Responsibilities:

Security-Focused Code Reviews:
- Conduct in-depth security assessments by reviewing source code using the Checkmarx Platform.
- Perform static application security testing (SAST) and software composition analysis (SCA) across a wide range of programming languages and frameworks.
- Identify, document, and communicate vulnerabilities discovered during the code review process, providing comprehensive reports and analysis.

Customer Support for Vulnerability Mitigation:
- Work directly with customers' Application Security (AppSec) and Development teams to provide actionable advice on how to remediate vulnerabilities.
- Offer hands-on guidance on secure coding practices, assisting customers in understanding the root cause of vulnerabilities and applying best practices for remediation.
- Support customers in prioritizing security fixes based on the severity and potential impact of identified

(PoC) Creation:
- Develop and present proof-of-concept (PoC) attacks to illustrate how identified vulnerabilities can be exploited in real-world scenarios.
- Provide technical demonstrations to help customers comprehend the risk level of specific vulnerabilities and the importance of remediation.

Application Architecture Analysis:
- Collaborate with AppSec and Dev teams to analyze the security aspects of application architecture.
- Provide recommendations to secure the architecture at the design stage to prevent vulnerabilities from being introduced.
- Conduct threat modeling to identify potential attack vectors and ensure that security is embedded into the development lifecycle.

Mentorship and Knowledge Sharing:
- Mentor junior engineers and security analysts in building their technical skills related to application security.
- Conduct internal training sessions to upskill less experienced engineers in areas such as secure code review, vulnerability research, and remediation techniques.

Research and Continuous Improvement:
- Stay updated on the latest security vulnerabilities, exploit techniques, and industry trends in cybersecurity.
- Proactively research emerging threats and vulnerabilities across different technologies, contributing to the development of new security solutions.
- Regularly participate in knowledge-sharing sessions, conferences, and forums to stay at the forefront of the AppSec field.

Client-Focused Security Consulting:
- Act as a trusted advisor to clients, providing security consulting services related to code review, vulnerability management, and secure development practices.
- Engage with clients to understand their specific security requirements and challenges, and tailor solutions that address their unique needs.
- Assist clients in adopting a DevSecOps culture, integrating security tools like the company's tool into their CI/CD pipelines for automated and continuous security testing.

Collaboration with Internal Teams:
- Work closely with the company's internal product and development teams to ensure that our security tools and platforms remain at the cutting edge of technology.
- Provide feedback on product improvements based on customer experiences and security challenges observed during code reviews.
- Collaborate with the sales and pre-sales teams to support customer onboarding, providing technical expertise and addressing security concerns.

Reporting and Documentation:
- Prepare and deliver comprehensive security assessment reports, including technical details, remediation steps, and risk assessment for each identified vulnerability.
- Maintain detailed documentation of customer interactions, code review findings, and remediation processes for future reference and audit purposes.

Support for Large-Scale, Enterprise Clients:
- Provide high-quality, security-focused support for the company's top-tier enterprise clients.
- Collaborate with global teams to ensure that customer expectations are met or exceeded and that projects are delivered on time.
- Support customer success teams by providing technical expertise.

Skills:
- Bachelor's degree in computer science or another highly technical scientific discipline.
- 8 years' experience in one or more high-level programming languages like Java, .Net, Go, Python, etc.
- 5 years' experience in security-focused code review covering some market-standard AppSec frameworks like OWASP Web/API/Mobile Top 10, PCI-DSS, etc.
- Deep understanding of large enterprise-grade systems and architectures, as well as modern development paradigms.
- A proactive approach to spotting problems, areas for improvement, and performance bottlenecks.
- Strong technical aptitude - being able to pick up technical concepts rapidly is required.
- Highly motivated self-starter.
- Fluent in English ( for other languages).
- For security related certifications - for proven experience with security-focused code review using Checkmarx technologies

The fine print:
- Work from office/home (hybrid).
- Some international travel required (less than 10%)

(ref:hirist.tech)

Location: Pune, IN

Posted Date: 10/9/2024

Contact Information

Contact Human Resources
ElementSkill

Posted

October 9, 2024
UID: 4892965182
