WAF Operations and Implementation Support

Sr. Offensive Security Engineer:

Security engineers at Egnyte are involved in every stage of the SDLC pipeline to highlight security vulnerabilities and provide expert advice on reducing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.

We’re looking for a senior engineer who’s well-rounded in terms of application security and has in-depth expertise in offensive security/red teaming focused on product security. 

You will be working closely with other security engineers will enable you to develop your expertise in a wide range of areas of your choosing.

To excel at this role, you need to be passionate about and proficient in hacking. We’re looking for someone who loves breaking into systems and is happy to help secure them by collaborating with software engineers by sharing expertise and providing actionable advice on remediation of identified issues.

WHAT YOU’LL DO:

• Perform high-quality penetration tests of Egnyte applications independently, or as part of a team
• Designing comprehensive plans for the security engagements and thoroughly documenting findings, gaps, and remediation recommendations
• Contributing to team tooling, innovation, and improvements
• Communicating and collaborating with other teams, product owners, engineering managers, and leadership to influence, prioritize, and drive the resolution of discovered security findings

YOUR QUALIFICATIONS:

• 5+ years of experience in a penetration testing or similar offensive security role
• 5+ years of professional experience with security engineering practices, including: web application security, mobile application security, authentication and authorization and other security disciplines
• 3+ years of experience with dynamic and manual code auditing to identify security issues
• 3+ years of experience with interpreted or compiled languages (e.g. Python, Java)
• Experience with threat modeling, design review, or other threat analysis techniques

Bonus points:

• Experience with mobile application penetration testing
• Knowledge of cloud service providers, especially Google Cloud
• Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
• Experience in developing security tooling and automation
• Experience in CTFs, CVE research, and/or Bug Bounty programs

• Solid experience in designing, implementing, and securing cloud environments, including services such as EC2, S3, RDS, IAM, VPC, and CloudTrail.
• Strong understanding of DevOps methodologies and experience with CI/CD pipelines and tools (e.g., Jenkins, GitHub, SonarQube).
• In-depth knowledge of cloud security best practices, industry standards, and compliance frameworks (e.g., NIST, CIS, ISO 27001).
• Proficiency in scripting languages such as Python, Bash, Groovy.
• Experience with Infrastructure-as-Code (IaC) tools like AWS CloudFormation or Terraform.
• Familiarity with security scanning and monitoring tools, such as AWS Security Hub, GuardDuty, Inspector, or third-party solutions.
• Strong understanding of network security concepts, including firewalls, VPNs, and secure network architectures.
• Knowledge of secure coding practices and experience with application security testing tools (e.g., SAST, DAST, fuzzing, and secure coding patterns).
• Excellent problem-solving skills and ability to work collaboratively in a team-oriented environment.
• Participate in incident handling and other related duties to support the information security function.
• The ability to learn and apply new concepts quickly
• Strong written and oral communication skills

Application Security Engineer

About us:

Foxit is remaking the way the world interacts with documents through advanced PDF and digital signature technology. We are a leading global software provider of fast, affordable, and secure PDF and digital signature solutions that are used by millions of people worldwide. Winner of numerous awards, Foxit has customers in more than 200 countries and global operations. We have a complete product line and an exciting and aggressive development schedule. Our proven PDF and digital signature technology is disrupting the status quo establishment and has accelerated our company growth. We are proud to list as customers Google, Amazon, and NASDAQ, and with your skills and help, we plan to add many more. Foxit has offices all over the world, including locations in the US, Asia, Europe, and Australia.

For more information, please visit https://www.foxit.com/

You would be working for the product Foxit eSign, India office which is registered with the name of eSign Genie Software Private Limited.

Job Brief

• Review Software applications for potential security vulnerabilities by conducting application security reviews i.e., Requirements review, Design review, Code Review.
• Clear Understanding and Hands on experience on OWASP Top 10 Vulnerability standards like XSS, SQL injection, session hijacking, and authorization bypass vulnerabilities.
• In-depth research on Web security, familiar with the origin of various Web security problems and solution, having a tracking of Security threats of network.
• Expertise in testing web application vulnerabilities and Network related vulnerabilities.
• Practical understanding and use of commercial application security tools
• Knowledge of the Vulnerability Fixations.
• Hands on development using Java / J2EE
• Solid understanding and experience with establishing application security policies across an organization.
• Good Documentation, reporting, Strong communication, and collaboration skills with various levels of executives from top management to technical team members across the organization.
• Strong self-starter who can operate independently.

What we offer you

• The chance to contribute to the creation of a sophisticated and appealing product, built from scratch with a fresh, global team!
• A fast, flexible, and rewarding incubator-like environment but with the solidity and seriousness of large and stable company in the background
• Be part of the exquisite team that will shell out the next big Foxit product all eyes on us!
• A Pluralsight subscription
• Competitive remuneration package

This profile will include following responsibilities:

- Perform Web Application Security Testing

- Perform Mobile Application Security Testing

- Scan Network for Security Vulnerabilities

- Co-ordinate with the clients for Project related queries

- Undertake meeting with the client teams for discussing security issues and recommendations

- Create detailed security reports

- Keep track of project progress & send regular updates

- Research on Open source security tools & new security topics

• Web Application Security – OWASP Top 10
• Mobile Application Security – Mobile OWASP Top 10
• Threat Modelling
• Risk Rating Frameworks
• Web Traffic Interception (For Web/Mobile apps)
• SSL
• Network Concepts
• Web Development Basics - HTTP/HTML/JavaScript
• Basic Mobile Application Concepts (either Android or IOS)

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

• Contribute to and improve secure SDLC practice
• Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
• Designing and implementing cloud and network security solutions.
• Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
• Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
• Proactively identify vulnerabilities across our platform and work with developers in fixing them.
• Automate and simplify security, as “Complexity is the enemy of Security”.
• Handle Vulnerability Management and Patch Management processes.
• Participate in the investigation related to Privacy/Security incidents and response activities.
• Work with DevOps to implement the security tools and automation of the security tasks.
• Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
• Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

• A minimum of 4 years of experience as an AppSec Engineer
• Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
• Hands-on experience in secure code review and automation of common security workflows.
• Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
• Good understanding of OWASP and SANS testing methodologies.
• Good understanding of software security weaknesses and vulnerabilities.
• Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
• Ability to contribute as an individual and as part of a team
• Working knowledge of any scripting language; Python or Go preferred
• Experience in writing custom tools/scanners/extenders is a plus
• Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!