The candidate will champion security with the application and infrastructure teams by actively participating in the security design of new solutions and performing security assessments of their implementations (as well as those of existing systems). Examples include reviewing our trading system applications that run as distributed systems on the cluster, and conducting security assessments of a proprietary workflow application spun off as a PaaS on the AWS cloud. They will design, build, and operate innovative tools to improve internal security testing and operations. Additionally, they will develop software that adds or extends layers of security on other internal as well as open-source software. Examples include developing in-house Static and Dynamic Application Security Testing (SAST/DAST) tools and adding a Kerberos integration to open-source databases like Redis and Mongo.
Requirements
- A B.E./B.Tech./M.E./M.Tech. degree in computer science and engineering or a related field, and three or more years of work experience in the security engineering domain, are a must.
- An ideal candidate should have a solid grasp of computer science fundamentals and security principles, as well as a practical understanding of how security fails in the real world.
- They should have relevant hands-on experience with web-based as well as non-web distributed application security and penetration testing.
- A thorough understanding of the SDLC and the security implications of all its stages, as well as robust software development skills, preferably in Python.
- Clear communication skills are essential as the role entails significant interaction with teams across departments in the organisation.
- Good interpersonal skills will be required to drive the security agenda across teams.