
Application Security Engineer

Ind - Gurgaon, HR

Job Description:

 

The Application Security Engineer position is a hands-on role that involves evaluating and enforcing application security in all phases of the software development life cycle. This position will work closely with our development teams to define application security best practices, perform software architecture and design reviews, conduct white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.

 

What You Will Be Doing

  • Conduct architecture and design reviews with development/DevOps staff; help implement security code analysis tools and frameworks.
  • Conduct white box security testing to assess and validate application security.
  • Define, maintain and enforce application security best practices. Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation.
  • Monitor and track progress of found vulnerabilities.
  • Issue reports on assigned application and system scans.
  • Deliver secure code development training to developers and relevant staff.
  • Ability to self-direct, and provide direction/guidance to individuals or small teams. Prior experience decomposing larger objectives into smaller, defined tasks.
  • Contribute, influence, and provide security controls and requirements to various business units and product lines within Cvent. Act as the authority and Subject Matter Expert in security architecture.

 

What You Need for this Position

  • Bachelor’s degree in an Information Technology related field of study or equivalent experience, plus 3-5 years of relevant work experience
  • Knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers
  • Knowledge of cloud-based infrastructures and how they affect security needs (familiarity with Amazon Web Services is a plus)
  • Basic to intermediate knowledge of SQL and prior experience with programming in one or more server-side technologies such as Java, JSP, JavaScript, PHP, ASP.NET, etc.
  • Experience with application security code review practices and methods
  • Experience using vulnerability assessment tools/platforms such as Burp Suite, Paros, Samurai WTF, BackTrack, Charles, and Metasploit.
  • Excellent problem solving and analytical skills; outstanding oral and written communication skills
  • Strong working knowledge of enterprise web technologies, application security, and infrastructure desired.
  • Knowledge of the Microsoft Security Development Life Cycle (SDLC). Experience conducting secure code development training and working with Agile software methodologies.
  • Core understanding of web application security scanners and related penetration testing tools like Burp Suite, Charles, and Metasploit.
  • Hands-on experience with encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
  • General knowledge of networking concepts like TCP/IP, UDP, HTTP, TLS, SSH, DNS, firewalls, etc.
  • Understanding of the OWASP Top 10 application security risks and of malware such as worms, viruses, and Trojans, and how to address them.

 

 
