Job Summary
Job Description:
In this role as an Application Security Engineer, you will conduct security assessments for products and solutions. You will collaborate with various cross functional teams and help to create, define, and implement security controls and security tooling in conjunction with internal product development and devops teams.
Responsibilities
• Evaluate security postures and provide recommendations for improvement and risk reduction for Mobile Platforms (IOS/Android), AI Systems, Internet of Things.
• Support engineering and development teams in implementing, maintaining and troubleshooting application security tooling automation for SAST, DAST, MAST (iOS and Android), OSS, API, etc.
• Implement security modules, tools, and programing code snippets when needed.
• Participate in deep dive architectural discussions of new or existing applications, software, and services.
• Apply cryptographic primitives and protocols for authentication, authorization and data protection.
• Recommend and manage transmission protection requirements for all environments (e.g., systems, applications, containers) such as encryption, SSL certificate management, RSA key pairs, etc.
• Continually evaluate new threats and attacks specific to Mobile Platforms, IoT, and AI Systems to identify the impact on business and help to develop and implement appropriate security controls.
MUST HAVE SKILLS:
- Bachelor’s degree in Computer Science or related fields
- Eight or more years of relevant work experience.
- Experience with mobile application security testing, mobile code analysis, vulnerabilities evaluation and remediation.
- Experience with performing security assessment for secure deployment of large IoT, mobile and/or AI systems.
- Experience with Secure SDLC including use of obfuscation techniques, Reverse Engineering and Tamper Resistant software development.
- Experience with OWASP Top 10 vulnerabilities and Cryptographic Algorithms: PKI, X.509 Public Key Certificates, authentication protocols, and transport layer security, OID, OAuth, SAML.
- Understanding of various types of Exploits, Threat Modeling, and Attack surfaces
DESIRED SKILLS:
- Development experience in Swift, Java, Scala, Python, C/C++ or other languages and the ability to solve complex operational issues.
- Mobile, IoT or AI application development experience is highly desirable
- Experience with IT Security Frameworks such as NIST, ISO27001, PCI, DSS, FedRAMP
- One or more of the following certifications: Certified Ethical Hacker, Python Institute Certifications, C++ Institute Certifications, Mobile Application Penetration Tester (eMAPT), ISC2 Certified Information Systems Security Professional (CISSP), or other Security Certification
Key Responsibilities
2. To train and develop team so as to ensure that there is an adequate supply of trained manpower in the said technology and delivery risks are mitigated.
3. To ensure knowledge up-gradation and work with new technologies so that the solution is current and meets quality standards and the client requirements.
4. To gather specifications and deliver solutions to the client organization based on understanding of a domain or technology.