ElementSkill

Team Lead - Applications Security Engineering

Click Here to Apply

Job Location

pune, India

Job Description

Key Responsibilities : Security-Focused Code Reviews : - Conduct in-depth security assessments by reviewing source code using the Checkmarx Platform. - Perform static application security testing (SAST) and software composition analysis (SCA) across a wide range of programming languages and frameworks. - Identify, document, and communicate vulnerabilities discovered during the code review process, providing comprehensive reports and analysis. Customer Support for Vulnerability Mitigation : - Work directly with customers' Application Security (AppSec) and Development teams to provide actionable advice on how to remediate vulnerabilities. - Offer hands-on guidance on secure coding practices, assisting customers in understanding the root cause of vulnerabilities and applying best practices for remediation. - Support customers in prioritizing security fixes based on the severity and potential impact of identified (PoC) Creation : - Develop and present proof-of-concept (PoC) attacks to illustrate how identified vulnerabilities can be exploited in real-world scenarios. - Provide technical demonstrations to help customers comprehend the risk level of specific vulnerabilities and the importance of remediation. Application Architecture Analysis : - Collaborate with AppSec and Dev teams to analyze the security aspects of application architecture. - Provide recommendations to secure the architecture at the design stage to prevent vulnerabilities from being introduced. - Conduct threat modeling to identify potential attack vectors and ensure that security is embedded into the development lifecycle. Mentorship and Knowledge Sharing : - Mentor junior engineers and security analysts in building their technical skills related to application security. - Conduct internal training sessions to upskill less experienced engineers in areas such as secure code review, vulnerability research, and remediation techniques. Research and Continuous Improvement : - Stay updated on the latest security vulnerabilities, exploit techniques, and industry trends in cybersecurity. - Proactively research emerging threats and vulnerabilities across different technologies, contributing to the development of new security solutions. - Regularly participate in knowledge-sharing sessions, conferences, and forums to stay at the forefront of the AppSec field. Client-Focused Security Consulting : - Act as a trusted advisor to clients, providing security consulting services related to code review, vulnerability management, and secure development practices. - Engage with clients to understand their specific security requirements and challenges, and tailor solutions that address their unique needs. - Assist clients in adopting a DevSecOps culture, integrating security tools like company's tool into their CI/CD pipelines for automated and continuous security testing. Collaboration with Internal Teams : - Work closely with company's internal product and development teams to ensure that our security tools and platforms remain at the cutting edge of technology. - Provide feedback on product improvements based on customer experiences and security challenges observed during code reviews. - Collaborate with the sales and pre-sales teams to support customer onboarding, providing technical expertise and addressing security concerns. Reporting and Documentation : - Prepare and deliver comprehensive security assessment reports, including technical details, remediation steps, and risk assessment for each identified vulnerability. - Maintain detailed documentation of customer interactions, code review findings, and remediation processes for future reference and audit purposes. Support for Large-Scale, Enterprise Clients : - Provide high-quality, security-focused support for company's top-tier enterprise clients. - Collaborate with global teams to ensure that customer expectations are met or exceeded and that projects are delivered on time. - Support customer success teams by providing technical expertise. Skills : - Bachelor's degree in computer science or another highly technical scientific discipline. - 8 year's experience in one or more high-level programming languages like Java, .Net, Go, Python, etc. - 5 years' experience in security-focused code review covering some market standards AppSec Frameworks like OWASP Web/API/Mobile Top 10, PCI-DSS, etc. - Deep understanding of large enterprise-grade systems and architectures, as also as modern development paradigms. - A proactive approach to spotting problems, areas for improvement, and performance bottlenecks. - Strong technical aptitude - being able to pick up technical concepts rapidly is required. - Highly motivated self-starter. - Fluent in English ( for other languages). - For security related certifications - for proven experience with security-focused code review using Checkmarx technologies The fine print : - Work from office/home (hybrid). - Some international travel required (less than 10%) (ref:hirist.tech)

Location: pune, IN

Posted Date: 11/27/2024
Click Here to Apply
View More ElementSkill Jobs

Contact Information

Contact Human Resources
ElementSkill

Posted

November 27, 2024
UID: 4892965182

AboutJobs.com does not guarantee the validity or accuracy of the job information posted in this database. It is the job seeker's responsibility to independently review all posting companies, contracts and job offers.