Job Category : Security Engineer
Travel Required : No
Working Hours : Regular
Experience/Salary Range : 3 to 6 Years

Job Description


  • OWASP – A thorough understanding of OWASP top 10 web application security risks & hands-on experience in identifying & analyzing these risks/vulnerabilities through dynamic security test tools
  • Threat Modelling – Threat Playbook/ThreatSpec/Microsoft Threat Modelling Tool
  • Application/Code Scanning
  • Static Code Analysis – SonarQube / Bandit
  • Dynamic Security Analysis – Burp Suite / OWASP ZAP
  • Web Application Firewall – ModSecurity / Cloudflare
  • Vulnerability Assessment & Management Tool – Archery Security Tool / JackHammer / DefectDojo
  • Pre-Commit Hooks – Talisman / GitSecret / TruffleHog / Git Hound
  • Software Composition Analysis – OWASP Dependency Check / RetireJS
  • Artifacts Management – JFrog Artifactory / Nexus
  • Infrastructure Scanning – OpenVAS / Anchore / DockScan

Technical Skills (Good to Have)

  • CEH (Certified Ethical Hacker)
  • CISSP (Certified Information Systems Security Professional)


  • Solid history of designing, developing, or customizing application authentication and authorization systems.
  • Understanding of the OWASP Top 10 application security risks and how to address them.
  • Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
  • Strong working knowledge of enterprise software technologies, application security, and infrastructure.
  • Working knowledge of Microsoft Azure or other cloud computing platform offerings and security-related services.
  • Hands-on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages.
  • Core understanding of web application security scanning software and related penetration testing tools
  • General knowledge of core security networking concepts like TLS, SSH, DNS, Firewalls etc.
  • Solid understanding of cloud architecture as well as the on-premise IT landscape.
  • General understanding of regulatory compliance and how it relates to application security and privacy.
  • Applicable certification strongly preferred (e.g.,etc.) or obtained within 6 months of employment
  • Strong communication skills, both written and verbal.
  • Good presentation skills.
  • Ability to articulate technically advanced issues to all audiences.
  • Highly seasoned in organizational, time-management, decision-making and problem-solving skills.
  • Ability to mentor and train internal and client teams.
  • Ability to work under pressure, establish priorities and respond with urgency.