Application Security Engineer
- The candidate must have strong experience in application security assessment. threat modeling, code review, static and dynamic testing.
- The candidate must have a strong understanding of common security libraries, security controls, and common security flaws.
- Candidate must have experience in performing application vulnerability Management, penetration testing, application & API security assessment.
- Candidate must have experience with OWASP, static/dynamic analysis, and common security tools
- Candidate must have basic knowledge of development or scripting experience
- Candidate must have experience in identifying security issues through code review during entire SDLC cycle
- A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)
- Experience in working with developers
- Candidate must have good communication skills (written & verbal)
- He / She will be responsible for performing application security assessment, code review, API security assessment.
- Participate in and support application security reviews and threat modeling, including code review and static/dynamic testing.
- Ensure that security across all aspects of the software is uniform by setting up checkpoints.
- Perform threat modeling for applications to determine the potential threats and vulnerabilities to an application and identify points where applications are most vulnerable.
- Based on assessment results explore the threats that each application is exposed to and ranks them on a severity scale
- Recommend the countermeasures that could be developed to secure application
- He / She need to facilitate and support the preparation of security releases
- He / She needs to support product and development teams in the area of application security.
- Assist in the creation of best security development practices and security training for developers
Skills
- He / She must have 5 + Years of experience in Application security assessment & application vulnerability management with strong academic background.
- Ability to stay current with emerging threats, security risks, and potential impacts to the business.
- Should have strong exposure to application security assessment, code review, secure development practices, and application security tools & technologies.
- Candidate should have at least one Information security certification CEH, CASE, or CISSP
Subodh Popalwar
Software Engineer, Memorres
About They provide both wholesale and retail funding. PM1
Similar jobs
Amazon Web Services (AWS)About The Company -
OYO Hotels & Homes is the world’s third largest and fastest-growing chain of leased and franchised hotels, homes & spaces managing over 1 million exclusive rooms across 800 cities and 80 countries. OYO was founded on the mission that everyone deserves a quality living and working space and we are very passionate about this mission. Technology and Innovation plays a critical role in this mission and therefore today we employ World Class engineers, product managers and designers across core markets & geographies. If you are looking for a high pace environment, itching to create a large impact through technology impacting 100s of millions of customers across the globe, we love to hear from you.
Key Responsibilities:
- Conducting application(Web & Mobile) and infrastructure penetration testing assessments.
- Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to detect & prevent security vulnerabilities.
- Work closely with the business, product and Development/engineering teams to provide input and guidance on developing secure products and help teams adopt shift-security-to-left practices.
- Work closely with the DevOps team to secure the cloud environment.
- Developing and maintaining cybersecurity process activities including security requirements engineering, threat modelling, code reviews and cyber risk assessment.
- Improve and automate cybersecurity processes within the CI/CD pipelines.
- Continuously review and identify security improvement opportunities in existing products, processes, services and workflows to ensure the people, products and technology in the organization are protected against current and future cybersecurity threats.
- Deliver awareness sessions on Secure Development to engineering/development teams
- Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security.
- Preparing and launching social engineering campaigns;
Key Skills:
- Expertise in application(Web & Mobile) and infrastructure penetration testing.
- Strong experience with Azure or AWS cloud environments and its security controls.
- Experience with microservices architectures & distributed Platforms
- Strong experience with using Agile software development and securing CI/CD pipeline.
- Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.)
- Knowledge of how modern web & mobile apps are designed, developed and deployed across different platforms;
- Knowledge of common exploitation techniques and mitigations.
- Experience in implementing and managing a vulnerability management program (process and technology).
- Experience and knowledge of implementing a DevSecOps ecosystem and strong understanding of Dynamic and Static Application Security Testing (DAST & SAST).
- Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.).
- Strong understanding of OWASP, PTES and other penetration testing methodologies.
- Understanding of global security frameworks and standards like NIST, ISO 27001, GDPR, PCI etc.
- Strong knowledge in preparing and launching social engineering campaigns.
- Ability to program or script in your preferred language
- Good understanding of network and OS principles
- Strong written and spoken English skills and ability to write high-quality reports
- An Information Security qualification e.g CSSLP, CEH, OSCP, or similar certification
Cultural Traits common to all OYO Leaders -
● Dealing with Ambiguity and Adaptability – we are a large, but fast-growing company today with not enough existing process or rules of engagements; and environment changes rapidly due to new businesses, geographies and strategic partnerships etc. You need to be able to create organization out of chaos, operate in an environment with minimal structure and adapt to change quickly while maintaining high velocity
● Ownership – anything between you and your job is also your job
● Bias for Action – speed matters a lot, so does quality. Ideal leader will be pragmatic, action-oriented and know the right balance between competing priorities
● Hunger to change the world – you need to be ambitious and willing to do more. If you believe you have already achieved your best and primarily looking to impart that vast knowledge, we aren’t the right place for you
Job Locations: We have a Pan India presence with Tech centers based out of Gurugram, Bangalore & Hyderabad. However currently we are working from our home.
i. Technology Graduate with 8+ years of experience in the IT industry & Information Security / Cyber Security
iii. Provide Security Vision & Strategy to the Organization, strategic direction, development, and implementation of information security programs and projects to address risks relevant to the attainment of organizational strategic goals.
iv. Experience in advising leadership team regarding Security Technology Land scape, product issues, and possible improvements
v. Expertise in providing executive roadmaps for continual improvement in teams, technology, and processes, process across various security & DevSecops teams
vi. Experienced in Information Security Risk Management, gap analyses, Audits.
vii. Hands-on Experience in formulating Cyber Security Policies, Design and implementation of Security Technologies, DevSecOps.
viii. Working Knowledge in implementation of Cyber Security Solution in Open Source, OpenStack environment.
ix. Ability to provide strategies to increase the ability to withstand cyber-attacks, as measured by annual sophisticated attack simulations.
x. Experience in upgrading, troubleshooting and tuning of Cyber Security Solutions, SOC Operations.
xi. Thorough understanding and good knowledge latest Cyber Security technologies, Security Architectures, vulnerabilities, security threats.
xii. Expertise in Test-Driven Development and establishing a DevSecOps practice. Multiple product launches under your belt - from design to launch, having played a key role in their success
xiii. Ability to setup PoC for latest security solutions
xiv. Good understanding of Open Source Technologies, Private Cloud Technologies.
Position: IT Auditor
Experience: 4-12 Years
Location: Pune
Key Skills Required:
CISA, CISSP, CISM, IT Audit, Technology Audit, IT Infrastructure Audit, Application Security Audit, Information Security Audit, Cyber Security Audit, Cloud Security, Ethical Hacker
Additional key words: Vulnerability assessment, Penetration Testing, ITGC testing, Cloud Computing,
IT AUDITOR is responsible to plan and perform the audit assignment starting from audit announcement, audit planning, field work, audit quality reviews, pre-closing / closing meetings with the respective Directors / Head of the Departments including writing of the audit report and its finalization as well as follow up of the audit actions. Additionally IT AUDITOR will also be responsible to:
• Evaluate IT systems, processes and projects in place;
• Determine risks to the Group’s information assets, and help identify methods to minimize those risks;
• Ensure information management processes are in compliance with IT-specific laws, policies and standards;
• Determine inefficiencies in IT systems, IT projects and associated management processes and
• Consult in IT projects, new initiatives and organizational frameworks.
Description
Audit Planning
1) Perform audits at Volkswagen Group entities. and other concerned Volkswagen Group Companies with focus on IT processes keeping the associated business risks in mind.
2) Participate in the preparation of audit objective & scope document along with audit schedule based on the audit objective and timeline specified by Head of IT Audit India Hub.
3) Participate in the preparation of work program
Audit Process
1) Prepare and conduct preparatory interviews with the Directors and Heads of the audited departments to identify the processes to be assessed during the audit.
2) Request and collect relevant audit data for analysis from respective business areas.
3) Prepare audit matrix on periodic basis to record the audit field work and update the progress of the audit to IT Audit Manager and the Head of IT Audit Hub India.
4) Define actions including relevant controls to mitigate the business risks identified based on the evidences provided during the audit.
5) Organize and conduct pre-closing meetings with business areas to agree upon audit observations and relevant actions.
6) Prepare and conduct closing meetings with the Directors / Heads of the Department for audited division to agree upon the audit observations, risks and proposed actions.
7) Prepare the draft audit report and submit the same to the IT Audit Manager and the Head of IT Audit India Hub for review.
8) Ensure that adequate documentation is prepared for the audit assignment. Peer review changes are done before release of the final audit report to the business area.
9) Contact business area to review the progress of the implementation of audit actions defined in the final audit report. Based on the review, write the status of the follow up and submit the same for upload in RIAS.
10) Obtain necessary certifications / qualifications to support the job requirements by attending relevant trainings
11) Support the conduction of unscheduled audits/special investigations and audits from the anti-corruption system.
12) Relevant knowledge is shared among the team members.
13) Consult in IT projects, new initiatives and organizational frameworks.
14) Ensure information management processes are in compliance with IT-specific laws, policies and standards.
15) Determine risks to the Group’s information assets, and help identify methods to minimize those risks.
16) Evaluate IT systems, processes and projects in place.
17) Determine inefficiencies in IT systems, IT projects and associated management processes.
About the Manager- Content Writing
We are looking for a passionate and creative content writer to join our marketing team. You are an individual who possess world-class writing skills, loves making complex technology easy to understand and thrives in a fast paced agile environment.
Responsibilities (not exhaustive)
- Design and execute content marketing strategy to support sales and marketing team
- Write compelling content for multiple online channels like blogs, white papers, Ebooks, case studies, press releases, videos, etc.,
- Drive internal sales enablement and work closely with our Inside Sales team to develop monthly client pitches, emails, and drafting content with various touch points defined in the outbound sales activity.
- Write innovative content copy for weekly social media posts (LinkedIn, Twitter)
- Ghost write few original content in the form of blogs, ebooks, others
- Support content operations including uploading content, maintaining content management system (Wordpress), creating supporting graphics.
- Use search engine optimisation (SEO) in writing to maximise the visibility of all the online content pieces
- Engage with the internal product team, strategy team to get product briefs and create positioning documents.
- Research buyer personas, and create appropriate messaging around it.
- This profile will be required to collaborate extensively with fellow colleagues across the marketing, inside sales, strategy, leadership, other teams to create and execute high impact content development and content marketing projects.
The Ideal Candidate
Education
- Bachelor’s degree preferably in Journalism, Business Marketing or related field from a top institute with an excellent academic record
Experience
- 4+ years of content marketing experience in IT industry / tech start-ups (SaaS experience is a plus)
- Have a proven track record of on time and high-quality project delivery
- Experience of having operated effectively in a high demand, rapidly shifting / fluid environment.
- Ability to work on multiple projects with different objectives simultaneously
Functional Skill Set
- Impeccable grasp of English language with strong interpersonal skills
- Strong knowledge of SEO, SEM, Google Analytics best practices
- Understanding of Social media content formats and style.
- Well versed with the nuisances of social media, especially LinkedIn and Twitter
Leadership Skills and Mindsets
- Lives and breathes a proactive delivery mindset, role-filling as necessary to meet program goals.
- Strong leadership skills and demonstrated ability to manage through times of uncertainty and change
- Ability to work with marketing and sales teams virtually
- Good time management skills, including prioritizing, scheduling and adapting as necessary
- Exceptionally creative with the ability to come up with creative content suggestions for various sales and marketing campaigns for different industries and personas
- Innovative mindset to come up with engaging content strategy that adds to our brand voice.
- Ability to quickly understand and communicate technical concepts and challenges across a wide range of audiences
- Self starter with the aggression to contribute continuously to increasing brand reach, and in the long run generating leads
Location
Anywhere in India, Mumbai preferred.
Follow CutshortSubodh Popalwar
Software Engineer, Memorres