Senior Engineer - Applications Security
Date: Sep 16, 2024
Location: Gurgaon, HR, IN
Company: Suntory Global Spirits
What makes this a great opportunity?
The Senior Engineer: Application Security Engineer is a key member of the Global Information Security Team who works closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that Suntory Global Spirits products are secure.
We are seeking a highly skilled and experienced Application Security Engineer to lead our DevSecOps, API security, threat modeling, and mobile security initiatives. This role requires a blend of technical expertise and leadership to manage a team of engineers, ensuring the security, reliability, and efficiency of our CI/CD pipelines and SDLC processes. You will work closely with cross-functional teams to implement robust security measures, optimize our DevOps practices, and drive compliance initiatives.
Role Responsibilities
• Developing and maintaining software application security policies and procedures
• Providing technical leadership, guidance, and direction to the application security team
• Developing and maintaining documentation of application security controls
• Implementing software application security controls
• Designing technical solutions to address security weaknesses.
• Improving and supporting application security tool deployments, including static analysis and runtime testing tools
• Improving and maintaining secure development standards
• Providing manual penetration testing and standards gap analysis services to internal business and technology partners.
• Integrating threat modeling practices into the product life cycle.
• Implementing a web application firewall in front of all company websites.
• Providing security requirements for test-driven design
• Producing metrics reporting the state of application security programs and performance of development teams against requirements
• Ensuring the change & release management follows the defined processes & guidelines for application security.
• Developing and managing the DevSecOps for assurance of secure code practices across the organization
• Leading the remediation of findings from application vulnerability scanning and penetration testing.
• Managing the integration of vulnerability assessment techniques, including static code analysis and dynamic code analysis, into the development process
Qualifications
• Minimum of 6 years of experience in CI/CD, DevSecOps, Automation, Quality Engineering, and Cybersecurity.
• At least 4 years of experience in SAST/DAST and penetration testing.
• At least 2 years of experience in Web application firewall (AKAMAI) implementation.
• Hands-on experience with DevSecOps tools and practices, including static code analysis, security scans, and automated testing.
• In-depth knowledge of web and API security vulnerabilities, attack vectors and mitigation techniques
• Experience with multiple programming languages (Java, JavaScript, Go, Python, Ruby, Objective-C, C#, PHP), with hands-on coding experience in at least one scripting language and one object-oriented programming language.
• Fluent with security testing with SAST, SCA, DAST, IAST, Fuzz and penetration testing tools
• Understanding of application security standards such as OWASP ASVS, the OWASP Top 10 and the CWE Top 25
• Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
• Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
• Knowledge of DevSecOps to maintain security in CI/CD pipeline.
• Solid experience with security tools such as Fortify, Checkmarx, Veracode, Burp Suite, Snyk and Nessus
• Familiarity with tools such as Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef and Splunk
• Strong knowledge of cryptography, API security, and secret management
• Ability to communicate concerns and issues clearly and effectively to the management and engineers.
• Excellent interpersonal and communication skills, with the ability to work effectively with all levels of management.
• Good oral and written communication skills
• CEH, and CISSP or CISA, certification preferred.
Job Segment:
Testing, PLM, Information Security, Java, Developer, Technology, Management