Application Security Engineer (Java)

Sr. Offensive Security Engineer:

Security engineers at Egnyte are involved in every stage of the SDLC pipeline to highlight security vulnerabilities and provide expert advice on reducing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.

We’re looking for a senior engineer who’s well-rounded in terms of application security and has in-depth expertise in offensive security/red teaming focused on product security. 

You will be working closely with other security engineers will enable you to develop your expertise in a wide range of areas of your choosing.

To excel at this role, you need to be passionate about and proficient in hacking. We’re looking for someone who loves breaking into systems and is happy to help secure them by collaborating with software engineers by sharing expertise and providing actionable advice on remediation of identified issues.

WHAT YOU’LL DO:

• Perform high-quality penetration tests of Egnyte applications independently, or as part of a team
• Designing comprehensive plans for the security engagements and thoroughly documenting findings, gaps, and remediation recommendations
• Contributing to team tooling, innovation, and improvements
• Communicating and collaborating with other teams, product owners, engineering managers, and leadership to influence, prioritize, and drive the resolution of discovered security findings

YOUR QUALIFICATIONS:

• 5+ years of experience in a penetration testing or similar offensive security role
• 5+ years of professional experience with security engineering practices, including: web application security, mobile application security, authentication and authorization and other security disciplines
• 3+ years of experience with dynamic and manual code auditing to identify security issues
• 3+ years of experience with interpreted or compiled languages (e.g. Python, Java)
• Experience with threat modeling, design review, or other threat analysis techniques

Bonus points:

• Experience with mobile application penetration testing
• Knowledge of cloud service providers, especially Google Cloud
• Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
• Experience in developing security tooling and automation
• Experience in CTFs, CVE research, and/or Bug Bounty programs

Total Experience:6months to 1 Year

Notice: Immediate Joiners

• Good experience of 1-2 years in sourcing from different channels
• Solid knowledge of sourcing techniques (e.g. social media recruiting and LinkedIn) 
• Should have basic technical knowledge of technologies used in IT & eCommerce (Java, SAP, Springboot, Scrum, product management, Digital marketing etc) 
• Strong communication and influencing skills  
• Source, screen, and conduct initial technical interviews with qualified candidates for all the positions along with the business leaders, and schedule follow-up interviews.
• Interaction with the relevant candidates, briefing them about the requirement
• Evaluate the technical skills of candidates and organize next interview rounds with leaders. 
• Initiate search for lateral recruitment by executing a complete search of the database as per the requirements to find relevant candidates
• Build talent pipeline for today and tomorrow with passive sourcing ability 
• Execute a complete search of the database as per the requirements to find relevant candidates
• Maintaining and updating the database of the candidates
• Understanding of business teams & their requirements
• Strong data analysis skills, ability to perform data analysis and make data-driven decisions 
• You are a technology enthusiast, you care about how things work and you can successfully collaborate with technical experts & leaders
• Ability to understand the organizational fit for the needs of the company 
• Experience recruiting for IT, eCommerce, Data Engineering talent
• Experience working with recruiting tools and systems, including resume databases, internet sourcing tools, and spreadsheets 
• Familiarity with Applicant Tracking Systems and resume databases 

As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include: Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.

• Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
• Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
• Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
• Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
• Communicating findings and recommendations to management and other stakeholders.
• Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
• To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.

Roles and Responsibilities

• Managing Availability, Performance, Capacity of infrastructure and applications.
• Building and implementing observability for applications health/performance/capacity.
• Optimizing On-call rotations and processes.
• Documenting “tribal” knowledge.
• Managing Infra-platforms like Mesos/Kubernetes,CICD,Observability (Prometheus/New Relic/ELK),Cloud Platforms (AWS/ Azure),Databases,Data Platforms Infrastructure
• Providing help in onboarding new services with production readiness review process.
• Providing reports on services SLO/Error Budgets/Alerts and Operational Overhead.
• Working with Dev and Product teams to define SLO/Error Budgets/Alerts.
• Working with Dev team to have in depth understanding of the application architecture

          and its bottlenecks.

• Identifying observability gaps in product services, infrastructure and working with stake

          owners to fix it.

• Managing Outages and doing detailed RCA with developers and identifying ways to

          avoid that situation.

• Managing/Automating upgrades of the infrastructure services.
• Automate toil work.
•  

Experience & Skills

• 6+ years of total experience
• Experience as an SRE/DevOps/Infrastructure Engineer on large scale microservices and infrastructure.

• A collaborative spirit with the ability to work across disciplines to influence, learn, and

         deliver.

• A deep understanding of computer science, software development, and networking principles.
• Demonstrated experience with languages, such as Python, Java, Golang etc.
• Extensive experience with Linux administration and good understanding the various

linux kernel subsystems (memory, storage, network etc).

• Extensive experience in DNS, TCP/IP, UDP, GRPC, Routing and Load Balancing.
• Expertise in GitOps, Infrastructure as a Code tools such as Terraform etc.. and
• Configuration Management Tools such as Chef, Puppet, Saltstack, Ansible.
• Expertise of Amazon Web Services (AWS) and/or other relevant Cloud Infrastructure

solutions like Microsoft Azure or Google Cloud.

• Experience in building CI/CD solutions with tools such as Jenkins, GitLab, Spinnaker,

Argo etc.

• Experience in managing and deploying containerized environments using Docker,

Mesos/Kubernetes is a plus.

Designation: Technical Recruiter

Location: Indore (M. P.)

Duration : Full time

Roles and Responsibilities

• Should have experience of various job portal like Naukri.com, LinkedIn, Monster etc.
• Should have min 6 month  - 5  yrs. of experience in in -house / international recruitment.
• Sound understanding of all technology like ROR, React JS,  Java, .Net, PHP, Python, Android / Mobile development etc.
• Must be excellent in communication skills oral and written.

Are you the one? Quick self-discovery test:

1. Love for the cloud: When was the last time your dinner entailed an act on “How would ‘Jerry Seinfeld’ pitch Cloud platform & products to this prospect” and your friend did the ‘Sheldon’ version of the same thing.
2. Passion: When was the last time you went to a remote gas station while on vacation and ended up helping the gas station owner saasify his 7 gas stations across other geographies.
3. Compassion for customers: You listen more than you speak.  When you do speak, people feel the need to listen.
4. Humor for life: When was the last time you told a concerned CEO, ‘If Elon Musk can attempt to take humanity to Mars, why can’t we take your business to run on the cloud?

So what are we looking for?

• Experience in On-premises to AWS cloud Migration. 
• Linux and Windows servers knowledge .
• Application knowledge like Java, .net, Python, Ruby.
• On-premises to Cloud migration assessment experience as a must .
• Able to provide a detailed migration analysis report and present it to the customer.
• Creative problem-solving skills and superb communication skills. 
• Respond to technical queries / requests from team members and customers. 
• Ambitious individuals who can work under their own direction towards agreed targets/goals. 
• Ability to handle change and be open to it along with good time management and being able to work under stress. 
• Proven interpersonal skills while contributing to team effort by accomplishing related results as needed. 
• Maintain technical knowledge by attending educational workshops, reviewing publications.

Job Responsibilities:

1. Managing  initiatives for migration and modernization in AWS cloud environment 
2. Leads and builds Modernization architecture solution from (on-prem or VMWare) into modern platform (Cloud AWS) through modular design by understanding application components 
3. Leads and SME in Modernization methodology and can lead the Design thinking workshop, method tailoring as Client environment and Client industry
4. The 6 most common application migration strategies below required
1. Re-host (Referred to as a “lift and shift.”)
2. Re-platform (Referred to as “lift, tinker, and shift.”)
3. Re-factor / Re-architect  
4. Re-purchase 
5. Retire
6. Retain ( Referred to as re-visit.)
5. Application migration analysis experience like application compatibility on the cloud, Network, security support on cloud.

Qualifications:

1. Is Education overrated? Yes. We believe so. But there is no way to locate you otherwise. So we might look for at least a Bachelor’s or Master's degree in engineering from a reputed institute or you should be programming from 12. 
1. And the latter is better. We will find you faster if you specify the latter in some manner. Not just a degree, but we are not too thrilled by tech certifications too :)
2. Architects with 10+ total and 6+ years of experience on Modernization applications and led Architecture initiatives on AWS Modernization.
3. Managed and implemented at least 5 engagement modernizing client applications to AWS Cloud and on WebSphere and Java/J2EE or .NET.
4. Experience on using DevOps tools during Modernization.
5. Complete in-depth experience and knowledge of AWS as a product and its components.
6. AWS certification would be preferred.
7. Experience in Agile fundamentals and methodology.

Requirements:

• Overall experience in the field of Information risk and security related initiatives/ projects.
• Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
• Ability to understand business concepts and integrate business risk elements into security operations.
• Experience in conducting VAPT.
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
• Strong ethics and understanding of ethics in business and information security.
• Should have exposure to Code review, Network VA/PT and App VA/PT work.
• Understanding and familiarity with common code review methods and standards.
• Experience with code scanning toolsets such as Fortify and Ounce.
• Understanding of HTTP and web programming.
• Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
• In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.