11+ SANS Jobs in India

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

Sr. Offensive Security Engineer:

Security engineers at Egnyte are involved in every stage of the SDLC pipeline to highlight security vulnerabilities and provide expert advice on reducing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.

We’re looking for a senior engineer who’s well-rounded in terms of application security and has in-depth expertise in offensive security/red teaming focused on product security. 

You will be working closely with other security engineers will enable you to develop your expertise in a wide range of areas of your choosing.

To excel at this role, you need to be passionate about and proficient in hacking. We’re looking for someone who loves breaking into systems and is happy to help secure them by collaborating with software engineers by sharing expertise and providing actionable advice on remediation of identified issues.

WHAT YOU’LL DO:

• Perform high-quality penetration tests of Egnyte applications independently, or as part of a team
• Designing comprehensive plans for the security engagements and thoroughly documenting findings, gaps, and remediation recommendations
• Contributing to team tooling, innovation, and improvements
• Communicating and collaborating with other teams, product owners, engineering managers, and leadership to influence, prioritize, and drive the resolution of discovered security findings

YOUR QUALIFICATIONS:

• 5+ years of experience in a penetration testing or similar offensive security role
• 5+ years of professional experience with security engineering practices, including: web application security, mobile application security, authentication and authorization and other security disciplines
• 3+ years of experience with dynamic and manual code auditing to identify security issues
• 3+ years of experience with interpreted or compiled languages (e.g. Python, Java)
• Experience with threat modeling, design review, or other threat analysis techniques

Bonus points:

• Experience with mobile application penetration testing
• Knowledge of cloud service providers, especially Google Cloud
• Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
• Experience in developing security tooling and automation
• Experience in CTFs, CVE research, and/or Bug Bounty programs

This profile will include following responsibilities:

- Perform Web Application Security Testing

- Perform Mobile Application Security Testing

- Scan Network for Security Vulnerabilities

- Co-ordinate with the clients for Project related queries

- Undertake meeting with the client teams for discussing security issues and recommendations

- Create detailed security reports

- Keep track of project progress & send regular updates

- Research on Open source security tools & new security topics

• Web Application Security – OWASP Top 10
• Mobile Application Security – Mobile OWASP Top 10
• Threat Modelling
• Risk Rating Frameworks
• Web Traffic Interception (For Web/Mobile apps)
• SSL
• Network Concepts
• Web Development Basics - HTTP/HTML/JavaScript
• Basic Mobile Application Concepts (either Android or IOS)

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

• Contribute to and improve secure SDLC practice
• Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
• Designing and implementing cloud and network security solutions.
• Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
• Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
• Proactively identify vulnerabilities across our platform and work with developers in fixing them.
• Automate and simplify security, as “Complexity is the enemy of Security”.
• Handle Vulnerability Management and Patch Management processes.
• Participate in the investigation related to Privacy/Security incidents and response activities.
• Work with DevOps to implement the security tools and automation of the security tasks.
• Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
• Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

• A minimum of 4 years of experience as an AppSec Engineer
• Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
• Hands-on experience in secure code review and automation of common security workflows.
• Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
• Good understanding of OWASP and SANS testing methodologies.
• Good understanding of software security weaknesses and vulnerabilities.
• Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
• Ability to contribute as an individual and as part of a team
• Working knowledge of any scripting language; Python or Go preferred
• Experience in writing custom tools/scanners/extenders is a plus
• Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!

Job Responsibilities:

Experience: 8 Yrs to 12 Yrs

1. Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
2. Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
3. have done any submission on Bug crowd or Bug Bounty.
4. have developed tools or scripts for web pen test on GitHub.
5. Certified on OSCP
6. Threat Modeling
7. Network scan in stealth mode or simple scan using Nmap and Burp suite

Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.

Developing different ways to solve the existing threats and security issues.

Configuring and implementing intrusion detection systems and firewalls.

Security product development, testing, and implementation.

Responsible for security technology research, penetration testing, and vulnerability scanning.

Please follow the below inputs.

The shift will starts from 03:00 PM to 12 AM (fixed for few months),

OSCP certification(Not mandatory, preferable)

Below are the primary key skills:

Total Application Security Experience:

Total Security Architecture Experience:

IOT(optional)

MOBILE

WEB

AWS(Mandatory)

NETWORKING

THREAT MODELS

• Manage security tools(Snyk, Fossa, Trivy).
• Manage vulnerability programs. Triage vulnerabilities, assign priorities and owners, follow up on the mitigation 
• Monitor license violations.  
• Perform Security Assessments and Threat Modeling
• Security Incident Response. Be part of a security-on-call team in PagerDuty, act as incident commander, perform Root Cause Analysis.
• Drive security initiatives(Web Application Security, Least-privilege principle, Secrets Management, Key Management, PKI and Certificate Management, Anti-fraud protection).
• Given our fast pace and startup nature, things change over time and your job responsibilities will too.

You'll need:

• Web application security experience.
• Familiarity with a modern SaaS infrastructure and application development.
• Manual and/or automated Penetration Testing (white box, black box & grey box).
• Good understanding of security risk(OWASP Top 10).
• Pen-testing: burp suite/ postman, etc.
• Vulnerability management: Snyk, fossa, NexusIQ, WhiteHat security, aqua security, GitHub security, etc.
• Familiarity with major security protocols.
• Collaboration, transparency, and integrity.
• BS/MS degree; 5+ years of relevant experience.

Nice to have:

• Experience in scripting languages(BASH, Python, JS, etc).
• CEH, CSSLP, GIAC, OSCP, OSCE, or other related industry-recognized certifications.
•