VIEW ALL APPLY NOW
Senior Security Engineer
Spredfast + Lithium | 3050: Development | Bangalore, Karnataka
Skills & Requirements
Job Description (Sr Security Engineer)
What you’ll do
- Drive the implementation and rollout of security-in-depth concept to ensure security is incorporated in all the different layers within our products
- Conduct security code reviews using automated and manual techniques
- Conduct security scanning and testing on our hosting environment and web applications
- Work with engineering and software QA teams to prioritize and address security bug fixes, security feature implementations and various security enhancements
- Conduct security architecture design reviews and develop or enhance security requirements related to new and existing software platforms, systems and features
- Conduct internal and external security assessments, audits, and penetration testing
- Create and maintain comprehensive internal and external documentation
- Develop training materials for security awareness and deliver security technology training, such as emerging trends of security risks, latest security tools and methodologies, information security concepts, etc.
- Manage and enhance a security lab environment
Skills & Requirements
- 5+ years of professional experience in information security and web application security
- Deep understanding of OWASP Top 10 and SANS Top 25 application security errors
- Experience using commercial and/or open source static code analysis tools such as Veracode, Fortify or Checkmarx.
- Familiarity with scripting languages such as Perl, PHP, Python, Ruby, Shell, etc.
- Experience with commercial and/or open source security tools (for example: Qualys, Nessus, Metasploit, Wireshark, IDS/IPS, Firewall, etc.)
- Strong analytical and problem-solving skills
- Strong oral and written communication skills
- Associate or bachelor’s degree (Computer Science or Technology preferred)
Additional Desired Qualification
- Security certifications such as CISSP, CISM, GPEN, CEH, CCNA, etc.
- Strong understanding of web protocols and standards (TCP/IP, HTTP, SSL, DNS, etc.)
- Experience with audits and compliance (SAS 70/SSAE 16, ISO 27001, SOX, PCI DSS, etc.)