Application Security Engineer
- Our ideal candidate will be passionate about security threats, Conducting Vulnerability Assessment and Penetration Testing for web application, mobile applications for both android and iOS, Performs manual and automated testing to identify potential security threats and Preparing detailed reports.
- Collaborate with cross-functional teams to identify security risks and develop solutions to mitigate those risks.
- Excellent analytical and problem-solving skills, with the ability to identify and mitigate potential security threats.
- Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
- Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people.
- Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
- You will play a key role in the design and development of web and mobile applications, including application security assessment, vulnerability assessment, penetration testing and source code review.
- You analyse a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident, event analysis and must possess knowledge of operating systems, TCP/IP networking, network attacks, attack signatures, defence countermeasures, vulnerability management, and log analysis.
- You explore and operationalise new security tools and technology.
- Working knowledge of manual/automated testing of web applications and mobile applications.
- Good knowledge of modifying & compiling exploit code.
- Experience of working on Windows & Linux.
- Good understanding & knowledge of testing .NET based web applications, Python based web applications, REST/RESTful API Services, WEB PAI servies.
- Analyzing security breaches to identify the root cause.
- Actively learn job relevant new things out of self-interest.
- Conducting security and vulnerability assessments and identifying vulnerabilities.
- Staying up-to-date with the latest security threats and trends in computer security, and cloud computing and adapting security strategies accordingly.
- Min 2 years of experience in Conducting Vulnerability Assessment and Penetration Testing for Web applications and Mobile applications.
- Experience with penetration testing solutions (like Burp suite, and Nessus), vulnerability trackers, intrusion detection, and prevention systems.
- Good understanding of application security frameworks, vulnerability assessments and penetration testing (OWASP, SANS, PTES etc.).
- Theoretical knowledge about Security Operations Centre (SOC), SIEM monitoring tools- log analysis, packet analysis and packet capture tools, TCP/IP networking, and reverse engineering.
- Basic understanding of common databases and web technologies.
- Good understanding of cloud security.
- Knowledge on security testing tools like burp suite, nessus, metasploit.
- Solid knowledge of computer networks and common protocols: TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS, HTTP, and etc.
- Proficiency in one or more programming/scripting languages (.NET, ASP.NET MVC, .NET Core, WEB API, Python, DJANGO, Flutter, DART, Kotlin, SWIFT).
- In-depth technical knowledge of Windows and Linux Operating Systems.
- Thorough understanding of Microsoft products and platforms (IIS, MS SQL Server, Windows Server, Windows 10, etc.)
- Thorough understanding of AWS and Azure platforms.
- Out-of-the-box thinking and your ability to communicate as well as your analytical skills will be a plus.
- Good communication skills and ability to work in a team environment.
- English fluency in writing and speaking.
- Strong communication to be able to effectively communicate security risks and recommendations to non-technical stakeholders, including senior management.
- Knowledge of cloud security best practices and compliance requirements (e.g., ISO 27001, SOC 2)
- Experience in performing penetration testing on web applications, APIs and mobile applications.
- Familiarity with common web vulnerabilities including XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws. Experience in testing web-based APIs (REST, SOAP, XML, JSON).
- Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
- Experience in performing Reverse Engineering for APIs and mobile applications.
- Experience developing actionable intelligence based on open-source intelligence (OSINT) gathering.
- Experience with 1 or more scripting languages such as .NET, Python, Bash, PowerShell, etc.