Security Assessment

About us

Astra is a cyber security SaaS company that makes otherwise chaotic penetration tests a breeze with its one of a kind Pentest Platform. Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests. CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations.

Astra is loved by 500+ companies across the globe. In 2022 Astra uncovered 800,000+ vulnerabilities for its customers, saving customers $30M+ in potential losses due to security vulnerabilities.

We've been awarded by the President of France Mr. François Hollande at the La French Tech program at Prime Minister of India Mr. Narendra Modi at the Global Conference on Cyber Security.

Experience Required:

• Relevant certifications (we’re not a fan of these, but often clients request engineers with certifications)
• 3+ years of experience in VA/PT

Job Responsibilities:

• VA/PT for web apps, SaaS apps, network devices, open-source projects, mobile apps, etc.
• Developing & testing rule sets for our pentest suite
• Preparing pentest reports through Astra’s pentest suite
• Interacting with clients over remediation calls
• Explaining steps to fix to clients
• Maintaining our vulnerability management system

Key Skills Required:

• Web App Security (ZAP, Burp Suite, Manual & Automated Testing, Comfortable in Black Box/WhiteBox testing with capability of finding business logic vulnerabilities, OWASP testing guide)
• Knowledge of how to set up & pentest CMSs like WordPress, Magento, OpenCart, Prestashop, Drupal, etc.
• Knowledge of LAMP stack & PHP would be great to have

We Offer:

• Embrace the cosy remote work lifestyle.
• Feel the startup adrenaline pumping through your veins.
• Revel in our open, growth-centric ambiance; it's like a digital playground.
• Dive deep into the captivating world of cybersecurity.
• And yes, get ready for some unforgettable workcations—think Chikmagalur & Jim Corbett.

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

1. Perform security assessment of web applications, Android, iOS mobile applications, Source Code Review

2. In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10

3. False Positive removal and manual application testing      

4. Working exp of Python, Java, .Net etc         
5. Experience of using MF Fortify is a must

6. Proactively identify vulnerabilities and recommend fixes

7. Ownership of the tasks, Adapt to technologies/languages/platforms/frameworks of the time                                                                                     

8. Experience in using security tools to carry out manual as well as automated security assessments

9. Experience working with common product flows like payment gateway integration, authentication etc.                                                          

10. Client handling exp

11. Should be able to address client queries, work on proposals etc                                                        

12. Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams

Job Responsibilities:

Experience: 8 Yrs to 12 Yrs

1. Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
2. Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
3. have done any submission on Bug crowd or Bug Bounty.
4. have developed tools or scripts for web pen test on GitHub.
5. Certified on OSCP
6. Threat Modeling
7. Network scan in stealth mode or simple scan using Nmap and Burp suite

Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.

Developing different ways to solve the existing threats and security issues.

Configuring and implementing intrusion detection systems and firewalls.

Security product development, testing, and implementation.

Responsible for security technology research, penetration testing, and vulnerability scanning.

Please follow the below inputs.

The shift will starts from 03:00 PM to 12 AM (fixed for few months),

OSCP certification(Not mandatory, preferable)

Below are the primary key skills:

Total Application Security Experience:

Total Security Architecture Experience:

IOT(optional)

MOBILE

WEB

AWS(Mandatory)

NETWORKING

THREAT MODELS

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

• The candidate must have strong experience in application security assessment. threat modeling, code review, static and dynamic testing.
• The candidate must have a strong understanding of common security libraries, security controls, and common security flaws.
• Candidate must have experience in performing application vulnerability Management, penetration testing, application & API security assessment.
• Candidate must have experience with OWASP, static/dynamic analysis, and common security tools
• Candidate must have basic knowledge of development or scripting experience
• Candidate must have experience in identifying security issues through code review during entire SDLC cycle
• A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)
• Experience in working with developers
• Candidate must have good communication skills (written & verbal)
• He / She will be responsible for performing application security assessment, code review, API security assessment.
• Participate in and support application security reviews and threat modeling, including code review and static/dynamic testing.
• Ensure that security across all aspects of the software is uniform by setting up checkpoints.
• Perform threat modeling for applications to determine the potential threats and vulnerabilities to an application and identify points where applications are most vulnerable.
• Based on assessment results explore the threats that each application is exposed to and ranks them on a severity scale
• Recommend the countermeasures that could be developed to secure application
• He / She need to facilitate and support the preparation of security releases
• He / She needs to support product and development teams in the area of application security.
• Assist in the creation of best security development practices and security training for developers

Skills

• He / She must have 5 + Years of experience in Application security assessment & application vulnerability management with strong academic background. 
• Ability to stay current with emerging threats, security risks, and potential impacts to the business. 
• Should have strong exposure to application security assessment, code review, secure development practices, and application security tools & technologies.  
• Candidate should have at least one Information security certification CEH, CASE, or CISSP