2+ SANS Jobs in India

Job Description:

Experience - 5 to 8 years

Role - Senior consultant

Work mode - Hybrid (3 days WFO)

Location - Bangalore / Pune

JOB DESCRIPTION :

Application Security Specialists are instrumental in fortifying the security framework that underpins the software delivery processes of our clients. These experts thrive in collaborative settings, engaging with diverse teams across various disciplines to pinpoint and mitigate vulnerabilities in code, systems architecture, and infrastructure. With a profound technical acumen rooted in security practices and a keen understanding of agile methodologies, they advocate for security integration as a fundamental aspect of software development. Their work transcends mere compliance; it is about embedding a culture of security that aligns with agile and DevOps philosophies, ensuring that security measures enhance, rather than hinder, organizational objectives. By guiding teams and clients through the nuances of security

Automation and best practices, Application Security Specialists not only safeguard digital assets but also champion a mindset where security and development go hand in hand towards achieving superior outcomes.

Job Responsibilities:

As an Application Security Specialist , you will play a crucial role in enhancing our software delivery process's security posture.

Embed security throughout the software delivery lifecycle, ensuring secure application development from start to finish.

Build and define comprehensive security practices tailored to our delivery methodologies.

Automate and optimize security measures in line with the application lifecycle, ensuring efficient and effective security protocols.

Serve as a consultant and advisor to both the delivery team and clients, providing expert guidance on security best practices and risk mitigation strategies.

Work closely with delivery, DevOps and Cloud teams to identify and reduce risks associated with code development, system architecture, and infrastructure.

Job Qualifications:

Preferred to have BFSI experience

Experience as a security engineer with direct involvement in working with delivery teams to identify vulnerabilities in code and systems architecture.

Demonstrated experience with implementing security automation and familiarity with agile development methodologies.

Ability to collaborate effectively with software product delivery teams, speaking their language and working towards common goals.

Technical Skills:

In-depth knowledge and experience with OWASP and SANS standards.

Proficiency in manual and automated penetration testing tools and techniques.

Experience with SAST, DAST, Dependency checking, and container vulnerability

assessment tools such as Checkmarx, Burp, ZAP, Fortify, Trivy, etc.

Knowledge and experience in password/secret management tools and techniques.

Understanding of DevSecOps and experience in security automation.

Comprehensive understanding of web technologies, common web frameworks, their vulnerabilities, and mitigations.

Basic understanding of firewall, virtualization, container, networking, and OS security.

Knowledge of cloud security best practices and basic knowledge of cloud providers like AWS, Azure and GCP.

Professional Skills:

Excellent communication and interpersonal skills, with the ability to manage relationships at senior levels of leadership.

Strong consulting skills, including the ability to promote security awareness and influence

decision-making.

Ability to anticipate problems and understand the long-term implications of decisions and

actions. Experience in developing security testing plans and integrating them into the software development lifecycle.

Preferred Skills:

Experience with manual and automated security code review.

Basic knowledge of security policies and standards such as PCI-DSS, ISO 27001 (ISMS), and GDPR.

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools