4+ Vulnerability scanning Jobs in India

About us

Astra is a cyber security SaaS company that makes otherwise chaotic penetration tests a breeze with its one of a kind Pentest Platform. Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests. CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations.

Astra is loved by 500+ companies across the globe. In 2022 Astra uncovered 800,000+ vulnerabilities for its customers, saving customers $30M+ in potential losses due to security vulnerabilities.

We've been awarded by the President of France Mr. François Hollande at the La French Tech program at Prime Minister of India Mr. Narendra Modi at the Global Conference on Cyber Security.

Experience Required:

• Relevant certifications (we’re not a fan of these, but often clients request engineers with certifications)
• 3+ years of experience in VA/PT

Job Responsibilities:

• VA/PT for web apps, SaaS apps, network devices, open-source projects, mobile apps, etc.
• Developing & testing rule sets for our pentest suite
• Preparing pentest reports through Astra’s pentest suite
• Interacting with clients over remediation calls
• Explaining steps to fix to clients
• Maintaining our vulnerability management system

Key Skills Required:

• Web App Security (ZAP, Burp Suite, Manual & Automated Testing, Comfortable in Black Box/WhiteBox testing with capability of finding business logic vulnerabilities, OWASP testing guide)
• Knowledge of how to set up & pentest CMSs like WordPress, Magento, OpenCart, Prestashop, Drupal, etc.
• Knowledge of LAMP stack & PHP would be great to have

We Offer:

• Embrace the cosy remote work lifestyle.
• Feel the startup adrenaline pumping through your veins.
• Revel in our open, growth-centric ambiance; it's like a digital playground.
• Dive deep into the captivating world of cybersecurity.
• And yes, get ready for some unforgettable workcations—think Chikmagalur & Jim Corbett.

A BIT ABOUT US

Appknox is one of the top Mobile Application security companies recognized by Gartner and G2. A profitable B2B SaaS startup headquartered in Singapore & working from Bengaluru.

The primary goal of Appknox is to help businesses and mobile developers secure their mobile applications with a focus on delivery speed and high-quality security audits.

Appknox has helped secure mobile apps at Fortune 500 companies with Major brands spread across regions like India, South-East Asia, Middle-East, US, and expanding rapidly. We have secured 300+ Enterprises globally.

We are a 30+ incredibly passionate team working to make an impact and help some of the biggest companies globally. We work in a highly collaborative, very fast-paced work environment. If you have what it takes to be part of the team, we are excited, and let’s speak further.

The Opportunity

To join the security team engaging with multiple clients, helping them with end-to-end security audits, also researching new topics and vulnerabilities to be added to the scanner, present research at conferences.

What An Ideal Candidate Would Look Like: 

• Anyone pursuing their graduation or post-graduation related to IT security 
• Skills - Application Penetration Testing, 
• Knowledge or experience of IoT testing, and source code audits are plus points
• Responsibilities: Engage with clients for scoping call, perform security audits, and remediation call with clients to patch the issues

Minimum Requirements

• Must be comfortable with tools like burp suite, nmap, sqlmap, r2 etc
• Strong Analytical Skills
• Strong grasp of fundamentals of information security
• Strong Grasp of Web, API and mobile Pen-Testing
• Self-taught learner willing to read and keep up-to-date on technological changes and how they could be used
• Can accurately define an issue and create detailed Proof-of-concept and write-up of the findings.
• Provide appropriate remediation and mitigations of the identified vulnerabilities.
• Basic understanding of cloud platforms like AWS or GCP. Security knowledge in this domain is a plus.

Responsibilities

• Security assessment of web and mobile applications.
• Understand and explain the results with impact on business and compliance status
• Continuously learning and training on latest tools and techniques

Personality traits we really admire

• A confident and dynamic working persona, which can bring fun to the team, and a sense of humor, is an added advantage.
• Great attitude to ask questions, learn and suggest process improvements.
• Has attention to details and helps identify edge cases.
• Highly motivated and coming up with fresh ideas and perspectives to help us move towards our goals faster.
• Follow timelines and absolute commitment to deadlines.

Interview Process 

• Round 1 CTF Round - Profile and skill Evaluation
• Round 2 - Technical Interview with security team member
• Round 3 - Technical Interview with the Team Lead
• Round 4 - HR Round

 Why Join Us

• Great Stipend& PPO: We keep up with the market standards & provide stipend/pay packages considering updated standards. Also as Appknox continues to grow, you’ll have a great opportunity to earn more & grow with us. Moreover, we also PPO for our top interns.
• Freedom & Responsibility: If you are a person who enjoys challenging work & pushing your boundaries, then this is the right place for you. We appreciate new ideas & ownership as well as flexibility with working hours.
• Holistic Growth: We foster a culture of continuous learning and take a much more holistic approach to train and develop our assets: the employees. We shall also support you all on that journey of yours.
• Transparency: Being a part of a start-up is an amazing experience, one of the reasons being open communication & transparency at multiple levels. Working with Appknox will give you the opportunity to experience it all first-hand.

About us

Astra is a cyber security SaaS company that makes otherwise chaotic pentests a breeze with its one of a kind Pentest Platform. Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests. CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations.

Astra is loved by 650+ companies across the globe. In 2023 Astra uncovered 2 million+ vulnerabilities for its customers, saving customers $69M+ in potential losses due to security vulnerabilities. 

We've been awarded by the President of France Mr. François Hollande at the La French Tech program and Prime Minister of India Shri Narendra Modi at the Global Conference on Cyber Security. Loom, MamaEarth, Muthoot Finance, Canara Robeco, ScripBox etc. are a few of Astra’s customers.

Role Overview

As an SDE 2 Back-end Engineer at Astra, you will play a crucial role in the development of a new vulnerability scanner from scratch. You will be architecting & engineering a scalable technical solution from the ground-up.

You will have the opportunity to work alongside talented individuals, collaborating to deliver innovative solutions and pushing the boundaries of what's possible in vulnerability scanning. The role requires deep collaboration with the founders, product, engineering & security teams.

Join our team and contribute to the development of a cutting-edge SaaS security platform, where high-quality engineering and continuous learning are at the core of everything we do.

Roles & Responsibilities:

• You will be joining our Vulnerability Scanner team which builds a security engine to identify vulnerabilities in technical infrastructure.
• You will be the technical product owner of the scanner, which would involve managing a lean team of backend engineers to ensure smooth implementation of the technical product roadmap.
• Research about security vulnerabilities, CVEs, and zero-days affecting cloud/web/API infrastructure.
• Work in an agile environment of engineers to architect, design, develop and build our microservice infrastructure.
• You will research, design, code, troubleshoot and support (on-call). What you create is also what you own.
• Writing secure, high quality, modular, testable & well documented code for features outlined in every sprint.
• Design and implement APIs in support of other services with a highly scalable, flexible, and secure backend using GoLang
• Hands-on experience with creating production-ready code & optimizing it by identifying and correcting bottlenecks.
• Driving strict code review standards among the team.
• Ensuring timely delivery of the features/products
• Working with product managers to ensure product delivery status is transparent & the end product always looks like how it was imagined
• Work closely with Security & Product teams in writing vulnerability detection rules, APIs etc.

Required Qualifications & Skills: 

• Strong 2-4 years relevant development experience in GoLang
• Experience in building a technical product from idea to production.
• Design and build highly scalable and maintainable systems in Golang
• Expertise in Goroutines and Channels to write efficient code utilizing multi-core CPU optimally
• Must have hands-on experience with managing AWS/Google Cloud infrastructure
• Hands on experience in creating low latency high throughput REST APIs
• Write test suites and maintain code coverage above 80%
• Working knowledge of PostgreSQL, Redis, Kafka
• Good to have experience in Docker, Kubernetes, Kafka
• Good understanding of Data Structures, Algorithms and Operating Systems.
• Understanding of cloud/web security concepts would be an added advantage

What We Offer:

• Adrenalin rush of being a part of a fast-growing company
• Fully remote & agile working environment
• A wholesome opportunity in a fast-paced environment where you get to build things from scratch, improve and influence product design decisions
• Holistic understanding of SaaS and enterprise security business
• Opportunity to engage and collaborate with developers globally
• Experience with security side of things
• Annual trips to beaches or mountains (last one was Chikmangaluru)
• Open and supportive culture 

Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption 
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting