Cutshort logo
HappyFox logo
Senior Security Engineer
Senior Security Engineer
HappyFox's logo

Senior Security Engineer

Lindsey A's profile picture
Posted by Lindsey A
5 - 12 yrs
₹10L - ₹15L / yr
Chennai, Bengaluru (Bangalore)
Skills
IT security
Network Security
OWASP
Threat modeling
Exploratory testing
Web application security
Penetration testing
NIST
SANS

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

 

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

 

To know more, Visit! - https://www.happyfox.com/

 

Responsibilities:

  • Perform manual and automated application penetration tests and provide suggestions to harden our products
  • Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
  • Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
  • Keep up with industry trends in the security space
  • Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
  • Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
  • Scale our application security engineering team

 

Requirements:

  • Strong verbal and written communication skills
  • Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
  • Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
  • Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

 

Read more
Users love Cutshort
Read about what our users have to say about finding their next opportunity on Cutshort.
Subodh Popalwar's profile image

Subodh Popalwar

Software Engineer, Memorres
For 2 years, I had trouble finding a company with good work culture and a role that will help me grow in my career. Soon after I started using Cutshort, I had access to information about the work culture, compensation and what each company was clearly offering.
Companies hiring on Cutshort
companies logos

About HappyFox

Founded :
2012
Type :
Product
Size :
20-100
Stage :
Bootstrapped
About

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.


We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.


To know more, Visit! https://www.happyfox.com/

Read more
Company video
HappyFox's video section
HappyFox's video section
Product showcase
Help Desk 's logo
Help Desk
Visit
Deliver outstanding support and achieve new goals with HappyFox
Read more
Assist AI's logo
Assist AI
Visit
Transform your relationship with employees with conversational AI
Read more
Chatbot 's logo
Chatbot
Visit
You won’t have to answer repetitive customer service questions anymore. Mimic human conversations with enhanced messaging functionalities that serve your business needs
Read more
Workflow 's logo
Workflow
Visit
Reduce the burden of manual and repetitive business processes with end-to-end workflow automation. Streamline your business processes with HappyFox Workflows, a cloud-based, no-code, workflow management platform
Read more
Live Chat's logo
Live Chat
Visit
Provide real-time, chat support to customers without them having to leave the app. Integrate and deploy the SDK in minutes
Read more
Business Intelligence's logo
Business Intelligence
Visit
Transform data from different sources into cross-functional reports and dashboards. Track your key performance indicators, measure trends, identify outliers, and uncover hidden insights. Get more out of your data with HappyFox Business Intelligence software
Read more
Company social profiles
bloglinkedintwitterfacebook

Similar jobs

An Indian energy and power company.
An Indian energy and power company.
Agency job
via Jobdost by Sathish Kumar
Ahmedabad
3 - 10 yrs
₹5L - ₹15L / yr
Network Security
Cyber Security
IT security
Web application security
Torrent Power is an Indian energy and power company, having interests in power generation, transmission, distribution and manufacturing and supply of power cables.

Security (AM/Executive)

• To design the security infrastructure / policies for the organisation, implement & monitor the same
• To ensure security compliance with respect to recommendations received from government agencies like CEA, NCIIPC
• Design, review, implement & monitor IT security related controls as part of Internal
• Controls, IFC, ERM
• ISMS certification (ISO 27001) for IT systems; this will include preparation and periodic review of policies and SOPs, regular trainings and maintaining records in prescribed formats
• Conducting internal security audit and generating reports by deploying VA tools
• Periodic security/VAPT audits and implementation of the findings
• IT security related new initiatives like - Security Operations Centre (SOC), Security Information and Event Management (SIEM), cloud security, EMM-enterprise mobility management
• Creating IT Security awareness within the organisation
Read more
HSR Layout , Bangalore
2 - 6 yrs
₹4L - ₹10L / yr
Web application security
Penetration testing
Source Code review

1. Perform security assessment of web applications, Android, iOS mobile applications, Source Code Review

2. In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10

3. False Positive removal and manual application testing      

4. Working exp of Python, Java, .Net etc         
5. Experience of using MF Fortify is a must

6. Proactively identify vulnerabilities and recommend fixes

7. Ownership of the tasks, Adapt to technologies/languages/platforms/frameworks of the time                                                                                     

8. Experience in using security tools to carry out manual as well as automated security assessments

9. Experience working with common product flows like payment gateway integration, authentication etc.                                                          

10. Client handling exp

11. Should be able to address client queries, work on proposals etc                                                        

12. Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams

Read more
Gurugram
7 - 9 yrs
₹15L - ₹35L / yr
Nessus
OWASP
VAPT
NetCAT
Application security tools

Primary Skills

Experience on network vulnerability scanning penetration testing

Experience with Nessus NetCat, NMAP Backtrack, Metasploit,Wireshark , HPing, and similar tools set like RetinaCS, Qualys, McAfee (Foundstone)

Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)

In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database

Thorough and practical knowledge of OWASP

Hands on experience with popular application security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux

Working knowledge of manual testing of web applications

Good knowledge of modifying and compiling exploit code

Good understanding and knowledge of codes languages

Has practical experience in auditing various OS , DB , Network and Security technologies

Microsoft office – Word, Excel, PowerPoint

Read more
OYO Rooms
at OYO Rooms
20 recruiters
Shraddha Jhamb
Posted by Shraddha Jhamb
Bengaluru (Bangalore), Delhi, Gurugram, Noida, Ghaziabad, Faridabad, Hyderabad
4 - 6 yrs
₹5L - ₹20L / yr
Penetration testing
skill iconAmazon Web Services (AWS)
Azure
OSCP
LCEH
+1 more

About The Company -

OYO Hotels & Homes is the world’s third largest and fastest-growing chain of leased and franchised hotels, homes & spaces managing over 1 million exclusive rooms across 800 cities and 80 countries. OYO was founded on the mission that everyone deserves a quality living and working space and we are very passionate about this mission. Technology and Innovation plays a critical role in this mission and therefore today we employ World Class engineers, product managers and designers across core markets & geographies. If you are looking for a high pace environment, itching to create a large impact through technology impacting 100s of millions of customers across the globe, we love to hear from you.

 

Key Responsibilities:

 

  • Conducting application(Web & Mobile) and infrastructure penetration testing assessments.
  • Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to detect & prevent security vulnerabilities.
  • Work closely with the business, product and Development/engineering teams to provide input and guidance on developing secure products and help teams adopt shift-security-to-left practices.
  • Work closely with the DevOps team to secure the cloud environment.
  • Developing and maintaining cybersecurity process activities including security requirements engineering, threat modelling, code reviews and cyber risk assessment.
  • Improve and automate cybersecurity processes within the CI/CD pipelines.
  • Continuously review and identify security improvement opportunities in existing products, processes, services and workflows to ensure the people, products and technology in the organization are protected against current and future cybersecurity threats.
  • Deliver awareness sessions on Secure Development to engineering/development teams
  • Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security.
  • Preparing and launching social engineering campaigns;

 

Key Skills:

 

  • Expertise in application(Web & Mobile) and infrastructure penetration testing.
  • Strong experience with Azure or AWS cloud environments and its security controls.
  • Experience with microservices architectures & distributed Platforms
  • Strong experience with using Agile software development and securing CI/CD pipeline.
  • Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.)
  • Knowledge of how modern web & mobile apps are designed, developed and deployed across different platforms;
  • Knowledge of common exploitation techniques and mitigations.
  • Experience in implementing and managing a vulnerability management program (process and technology).
  • Experience and knowledge of implementing a DevSecOps ecosystem and strong understanding of Dynamic and Static Application Security Testing (DAST & SAST).
  • Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.).
  • Strong understanding of OWASP, PTES and other penetration testing methodologies.
  • Understanding of global security frameworks and standards like NIST, ISO 27001, GDPR, PCI etc.
  • Strong knowledge in preparing and launching social engineering campaigns.
  • Ability to program or script in your preferred language
  • Good understanding of network and OS principles
  • Strong written and spoken English skills and ability to write high-quality reports
  • An Information Security qualification e.g CSSLP, CEH, OSCP, or similar certification

 

Cultural Traits common to all OYO Leaders -

 

● Dealing with Ambiguity and Adaptability – we are a large, but fast-growing company today with not enough existing process or rules of engagements; and environment changes rapidly due to new businesses, geographies and strategic partnerships etc. You need to be able to create organization out of chaos, operate in an environment with minimal structure and adapt to change quickly while maintaining high velocity

● Ownership – anything between you and your job is also your job

● Bias for Action – speed matters a lot, so does quality. Ideal leader will be pragmatic, action-oriented and know the right balance between competing priorities

● Hunger to change the world – you need to be ambitious and willing to do more. If you believe you have already achieved your best and primarily looking to impart that vast knowledge, we aren’t the right place for you

 

Job Locations: We have a Pan India presence with Tech centers based out of Gurugram, Bangalore & Hyderabad. However currently we are working from our home.

 

Read more
Drip Capital
at Drip Capital
4 recruiters
Vaibhav  Khode
Posted by Vaibhav Khode
Remote only
2 - 8 yrs
₹15L - ₹50L / yr
Design review
Vulnerability assessment
skill iconAmazon Web Services (AWS)
Web application security
Secure SDLC
+1 more

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

  • Contribute to and improve secure SDLC practice
  • Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
  • Designing and implementing cloud and network security solutions.
  • Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
  • Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
  • Proactively identify vulnerabilities across our platform and work with developers in fixing them.
  • Automate and simplify security, as “Complexity is the enemy of Security”.
  • Handle Vulnerability Management and Patch Management processes.
  • Participate in the investigation related to Privacy/Security incidents and response activities.
  • Work with DevOps to implement the security tools and automation of the security tasks.
  • Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
  • Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

  • A minimum of 4 years of experience as an AppSec Engineer
  • Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
  • Hands-on experience in secure code review and automation of common security workflows.
  • Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
  • Good understanding of OWASP and SANS testing methodologies.
  • Good understanding of software security weaknesses and vulnerabilities.
  • Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
  • Ability to contribute as an individual and as part of a team
  • Working knowledge of any scripting language; Python or Go preferred
  • Experience in writing custom tools/scanners/extenders is a plus
  • Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!

Read more
Statestreet HCL Services
at Statestreet HCL Services
5 recruiters
Mansi Lakhanpal
Posted by Mansi Lakhanpal
Delhi, Gurugram, Noida, Ghaziabad, Faridabad
10 - 15 yrs
₹1L - ₹19L / yr
GRC
NIST
ISO 9000
Risk Management
Security audit
+5 more

Dear Candidate,

Greetings from HCL Technologies Ltd.

 

  • Make sense of Cyber security and compliance frameworks that apply to your business or industry
    • Identify business risks, taking into account the role of your hosting service provider
    • Determine which Cyber security controls are required to mitigate your identified risks
    • Improve collaboration and communication during Cyber security Incident mitigation and response.
    • Establish the necessary framework based on NIST Framework to maintain and continually improve your information security program over time based on evolving scope and emerging risks
    • Document and track efforts for evidence collection and audit preparation

 

  • will have primary responsibility for coordinating and implementing effective Cyber Security management across the account. This role will ensure that all Supplier obligations are met regarding compliance with Security guidelines, data protection, regulations, Supplier policies, and key controls.
  • provide implementation and ongoing operation of Security management framework;
  • be responsible for coordinating activities to address the key Security risk exposures;
  • ensure Security awareness training of, and assistance in the implementation of robust Security management practices across Security operations;
  • direct the design of controls to address emerging or new Security risk and compliance requirements;
  • carry out regular and frequent assurance reviews of the design and operating effectiveness of Security controls;
  • implement, monitor and report on key Security risk indicators to identify and address emerging risks;
  • coordinate with other Service Providers and Security functions, to facilitate client’s audits and inspections;
  • manage and report on responses and actions to address Security audit points, inspection deficiencies, or control weakness identified during normal operations.
  • review outcome of cyber security risk assessment, timely implement open action items and report progress to stakeholders
  • incorporate vulnerability testing as an integral part of change management
  • Should have good knowledge of Cyber Security Framework and controls
  • CISA ,CISM or CISSP certification should be preferred.
  • Have good understanding of Security policy and process along with ITSM process.
Read more
Olacabs.com
at Olacabs.com
6 recruiters
Agency job
via zyoin by RAKESH RANJAN
Bengaluru (Bangalore)
8 - 12 yrs
₹18L - ₹30L / yr
Web application security
Mobile security
Infrastructure
Roles and Responsibilities 
    • Manage a team of highly skilled security engineers
    • Responsible for the security of all Ola applications. 
    • Enforce Security in SDLC,  and ensure any identified vulnerabilities are fixed before a feature goes to production.
    • Participate in the design review discussions to identify any security loophole, and recommend a secure design solution. 
    • Partner with engineering leaders across the company to help them prioritize security issues in their products.
    • Run the Ola’s Bug Bounty program effectively. 
    • Develop a roadmap for future work to enhance security, derive a project plan, and ensure the completion of the project within the timelines. 
    • Mentor the team members and work towards their career growth. 

     

    Minimum Qualifications

    • 7+ years of work experience in security engineering, including 2+ years of proven hands-on technical management experience of security engineers. 
    • Experience recruiting and managing technical teams, including performance management.
    • Technical experience across security disciplines – web/mobile app security, infrastructure security, security operations center. 
    • Experience building relationships with stakeholders and business leaders.
    • Must have Coding experience at least in one language.
    • Knowledge of standards like PCI-DSS, ISO27001, GDPR etc. 

     

    BS/MS in Computer Science or equivalent experience

Read more
This IT company is currently hiring for penetration testing.
This IT company is currently hiring for penetration testing.
Agency job
via IT company by Damini Rautela
Hyderabad
2 - 3 yrs
₹8L - ₹10L / yr
Penetration testing
VAPT
Penetration
skill iconPHP
skill iconPython
+5 more
JOB TITLE : SENIOR PENETRATION TESTER
JOB DESCRIPTION
(NOTE- we are looking for those candidates who join immediately or notice period of within 15-20days)
• Job Scope
o Conduct penetration testing on internal website/system owned by EC-Council
o Produce a report and presentation to the system owner explaining the security
structure and the vulnerabilities of the system
o Conduct scoping for any new projects
o Research and recommend fixes for issues/vulnerabilities identified during the
penetration testing
o Create and update security test plan regularly according to the nature of the website
assigned
o Conduct research on new vulnerabilities and threats regularly to improve oneself
capabilities
• Minimum Requirements
o At least 3 year experience in conducting any three of the following
▪ Network Penetration Testing
▪ Mobile Application Penetration Testing
▪ Web Application Penetration Testing
▪ Source Code Review
▪ Writing, extending and modifying exploits, shellcode
▪ Reverse engineering malware, data obfuscation and ciphers
o Bachelor’s degree in IT security related field or equivalent
o Any (2) of the following certification ; OSCP, OSCE, OSEP, OSWE, CRT, LPT or
equivalent
o Proficiency in at least 1 programming language such as PHP, ruby, Python, Perl
o Strong understanding of encryption (SSL/TLS, PKI) and other authentication methods
o Good experience with tools used for penetration testing such as Metasploit,
BurpSuite, w3af, Kali Linux, SQLMap, Skipfish
o Excellent written and verbal communication skills, especially when dealing with
large reports and datasets with a high standard of documentation
o Mastery in linux/unix operating system and bash/Powershell
Read more
One of the world top Product/Consulting company
One of the world top Product/Consulting company
Agency job
via Myna Solutions by Preethi M
Hyderabad, Pune, Bengaluru (Bangalore)
10 - 16 yrs
₹15L - ₹30L / yr
Network Security
Security
Web application security
skill iconJava
skill iconPython
- 10+ Years of experience in a technical position helping enterprise customers.

- 5+ Years of leading an engagement.

- 5+ Years developing and implementing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms.

- 4+ Years on any Cloud Platform (AWS, Azure, Google, others).

- Master's or Bachelor's degree in Information Science / Information Technology, Computer Science.

- Deep hands-on experience leading the design, development and deployment of business software at scale.

- Experience with service-oriented architectures, private and public clouds and web services security.

- Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, Infrastructure and Network Security, Data protection, and Incident response.

- Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography.

- Experience advising customers on architectures meeting industry standards such as PCI DSS, ISO 27xxx, SOC, HIPAA, GDPR, and NIST/DoD frameworks.

- Experience with enterprise risk management methods and techniques to drive successful outcomes in a global enterprise environment.

- Good understanding of Enterprise Networks, Security and Identity Access Management.

- Configuration management using CloudFormation and/or Chef/Puppet.

- Experience with agile approaches and Experience in DevOps or DevSecOps, and how they impact risk management and compliance.

- Hands-on technical expertise in technology automation, implementation, integration, and/or deployment using scripting and/or IaaC.

- Knowledge of professional software engineering practices & best practices for the full software development life cycle, including coding standards, code reviews, source control management, libraries building, build processes, testing, and operations.

- Demonstrated ability to mentor other software developers to maintain architectural vision and software quality.

- Experience taking a lead role developing complex software systems that have successfully been delivered to customers.

- Ability to travel to customer sites as needed.

PREFERRED QUALIFICATIONS:

- AWS Solutions Architect Certified.

- AWS Security Speciality Certified.

- CISSP, CCSP, CISM, and/or other comparable certifications.
Read more
AMBC Technologies Pvt Ltd
Ponmuthumari Mohan
Posted by Ponmuthumari Mohan
Bengaluru (Bangalore)
3 - 9 yrs
₹8L - ₹12L / yr
Web application security
oscp
vapt
Fortify
OWASP

Requirements:

  • Overall experience in the field of Information risk and security related initiatives/ projects.
  • Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
  • Ability to understand business concepts and integrate business risk elements into security operations.
  • Experience in conducting VAPT.
  • Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
  • Strong ethics and understanding of ethics in business and information security.
  • Should have exposure to Code review, Network VA/PT and App VA/PT work.
  • Understanding and familiarity with common code review methods and standards.
  • Experience with code scanning toolsets such as Fortify and Ounce.
  • Understanding of HTTP and web programming.
  • Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
  • Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
  • In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.
Read more
Why apply to jobs via Cutshort
people_solving_puzzle
Personalized job matches
Stop wasting time. Get matched with jobs that meet your skills, aspirations and preferences.
people_verifying_people
Verified hiring teams
See actual hiring teams, find common social connections or connect with them directly. No 3rd party agencies here.
ai_chip
Move faster with AI
We use AI to get you faster responses, recommendations and unmatched user experience.
21,01,133
Matches delivered
37,12,187
Network size
15,000
Companies hiring
Did not find a job you were looking for?
icon
Search for relevant jobs from 10000+ companies such as Google, Amazon & Uber actively hiring on Cutshort.
companies logo
companies logo
companies logo
companies logo
companies logo
Get to hear about interesting companies hiring right now
Company logo
Company logo
Company logo
Company logo
Company logo
Linkedin iconFollow Cutshort
Users love Cutshort
Read about what our users have to say about finding their next opportunity on Cutshort.
Subodh Popalwar's profile image

Subodh Popalwar

Software Engineer, Memorres
For 2 years, I had trouble finding a company with good work culture and a role that will help me grow in my career. Soon after I started using Cutshort, I had access to information about the work culture, compensation and what each company was clearly offering.
Companies hiring on Cutshort
companies logos