B.E/B.Tech or M.E/M.Tech in Computer Science or Information Security or equivalent experience
1 to 2 years of hands-on experience with web, mobile, network, API security assessments and penetration testing
Experience working in SaaS environments / cloud where security is a continuous process is preferred
Experience with DAST, SAST tools and security platforms is preferable
Ability to find security issues in functional components and business logic
Good track record of having reported vulnerabilities through bug bounty programs and responsible disclosure
Thorough knowledge of application security standards such as OWASP Top 10, SANS Top 25, CERT Secure Coding, NIST standards.
Ability to write scripts and programs to support security automation efforts
Security certifications are a plus (OSCP, CEH etc.)
The Application Security Engineer will work in BMC’s R&D Product Security Group and will carry out threat modeling, security reviews, penetration tests and vulnerability assessments of multiple products and SaaS environments.
Primary Roles and Responsibilities:
Perform security assessments of R&D products covering application, SaaS, open source stacks, infrastructure, containers and cloud
Provide subject matter expertise for Application Security and SaaS security
Develop security policies, standards, procedures and guidelines related to product security and release management
Implement necessary application security measures such as secure coding and security
Implement necessary security tools to test, monitor and detect security events
Implement security controls for the public cloud (such as AWS) and support monitoring and incident detection efforts
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.