Job Summary
Job Summary: Application Security Engineer

The Application Security Engineer (Threat Modeling) operates as a mid-level individual contributor focused on securing our standard business web applications. In this role, you will own the day-to-day security-by-design initiatives by systematically applying the STRIDE methodology to identify architectural flaws before code deployment. You will collaborate directly with product engineering teams to uncover and mitigate Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege risks.

Job Description: Professional Skills
• Independent Execution: Ability to manage multiple threat modeling projects concurrently, with guidance only on highly complex architectures.
• Engineering Empathy: Skill in collaborating constructively with software engineers, offering practical remediation advice rather than just pointing out flaws.
• Clear Communication: Ability to articulate technical security risks and their direct business impacts clearly in both written reports and verbal discussions.
Key Responsibilities
Job Responsibilities: Key Responsibilities
• Conduct STRIDE Assessments: Independently perform threat modeling on core web applications, APIs, and microservices using the STRIDE framework.
• Deconstruct Web Architecture: Analyze data flow diagrams (DFDs), component architecture, and trust boundaries to map out potential attack paths.
• Define Actionable Requirements: Translate STRIDE findings into clear, developer-friendly user stories and acceptance criteria within Jira or engineering backlogs.
• Track Mitigation Lifecycles: Monitor the implementation of security controls (e.g., proper encryption, secure session handling, robust logging) and verify remediation.
• Maintain Threat Repositories: Keep threat models up to date as application features evolve, maintaining a clear picture of the application's risk posture.
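The first three responsibilities above (STRIDE over a DFD, reading trust boundaries off it, and turning findings into backlog items) in working form, as an added example that is not part of this posting. The per-element STRIDE table (which categories apply to external entities, processes, data stores and data flows) is the standard Microsoft SDL convention; the sample application (a browser, a web API in a DMZ, an orders database, a third-party mail provider), the `authenticated`/`encrypted` flags on each flow, and the rule that promotes an unprotected boundary-crossing flow to high severity are all constructed here for illustration.

```python
"""STRIDE-per-element enumeration over a small data-flow diagram (DFD).

Added example, not the posting's or any vendor's code. The per-element
STRIDE table follows the Microsoft SDL convention; the sample DFD at the
bottom and the severity rule are constructed for illustration.
"""
from dataclasses import dataclass

# Which STRIDE categories apply to each DFD element type (STRIDE-per-element).
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}
STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str       # external_entity | process | data_store
    boundary: str   # trust boundary the element lives in


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    data: str
    authenticated: bool = False  # both peers' identity verified (mTLS, signed token, ...)
    encrypted: bool = False      # confidentiality and integrity on the wire (TLS)


@dataclass(frozen=True)
class Threat:
    target: str      # element or flow name
    category: str    # STRIDE category name
    severity: str    # "high" or "medium" (constructed rule, see below)
    rationale: str


def enumerate_threats(elements, flows):
    """Return one Threat per (element or flow, applicable STRIDE category).

    Constructed severity rule: a flow that crosses a trust boundary without
    both authentication and encryption is marked high, because that is where
    the DFD says an attacker can sit on the wire or impersonate a peer.
    """
    by_name = {e.name: e for e in elements}
    threats = []
    for e in elements:
        for code in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(e.name, STRIDE_NAMES[code], "medium",
                                  f"{e.kind} inside boundary '{e.boundary}'"))
    for f in flows:
        src, dst = by_name[f.src], by_name[f.dst]
        crosses = src.boundary != dst.boundary
        missing = [n for n, ok in (("authentication", f.authenticated),
                                   ("encryption", f.encrypted)) if not ok]
        for code in STRIDE_PER_ELEMENT["data_flow"]:
            severity = "medium"
            rationale = f"{f.src} -> {f.dst} carrying {f.data}"
            if crosses:
                rationale += f", crossing '{src.boundary}' -> '{dst.boundary}'"
                if missing:
                    severity = "high"
                    rationale += " without " + " or ".join(missing)
            threats.append(Threat(f.name, STRIDE_NAMES[code], severity, rationale))
    return threats


def unprotected_crossings(elements, flows):
    """Names of flows that cross a trust boundary without auth and encryption."""
    by_name = {e.name: e for e in elements}
    return [f.name for f in flows
            if by_name[f.src].boundary != by_name[f.dst].boundary
            and not (f.authenticated and f.encrypted)]


def as_user_story(t: Threat) -> str:
    """Render a threat as a developer-facing backlog item with an acceptance criterion."""
    return (f"[{t.severity.upper()}] {t.category} on {t.target}: {t.rationale}. "
            f"Acceptance: a test demonstrates the {t.category.lower()} path is closed.")


# Constructed sample DFD: four elements in four trust boundaries, three flows.
ELEMENTS = [
    Element("Browser", "external_entity", "internet"),
    Element("Web API", "process", "dmz"),
    Element("Orders DB", "data_store", "internal"),
    Element("Mail Provider", "external_entity", "third_party"),
]
FLOWS = [
    Flow("login", "Browser", "Web API", "credentials", authenticated=False, encrypted=True),
    Flow("query", "Web API", "Orders DB", "order rows", authenticated=True, encrypted=False),
    Flow("notify", "Web API", "Mail Provider", "receipt email", authenticated=True, encrypted=True),
]

if __name__ == "__main__":
    for t in enumerate_threats(ELEMENTS, FLOWS):
        print(as_user_story(t))
```

Running it lists 23 candidate threats; the six marked high are all on the two flows that cross a boundary without both controls (`login`, which reaches the API from the internet before any peer authentication, and `query`, which goes to the database in cleartext). The output is deliberately a flat backlog rather than a ranked report: the point of STRIDE-per-element is completeness of the first pass, and the reviewer then prunes categories that do not apply to a given element with the engineers who own it.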
Skill Requirements
Skill Requirement:
• Web App Security Expertise: Solid understanding of web technologies, HTTP protocols, browser security (CORS, CSP, SameSite cookies), and the OWASP Top 10.
• Practical STRIDE Skills: Demonstrated experience breaking down functional application designs into STRIDE categories to catch flaws early.
• Modern Development Stack: Familiarity with standard web stacks (e.g., React, Node.js, Java, .NET) and modern CI/CD software pipelines.
• Threat Modeling Tooling: Hands-on experience with tools like the Microsoft Threat Modeling Tool, OWASP Threat Dragon, IriusRisk, or similar diagramming solutions.
Other Requirements
Other Requirement: Technical Qualifications
• Experience: 3 to 5 years of experience in Application Security, Product Security, or software development with a heavy focus on security design.
• Plus the Skill Requirements listed above (web app security expertise, practical STRIDE skills, a modern development stack, and threat modeling tooling).