Home Credit India is looking for an Application Security Engineer who will be responsible for security assessments and penetration testing of application and IT infrastructure environments, as well as for performing security research and providing security solutions, processes, and testing methodologies.
- Perform application penetration testing, vulnerability assessments and source code review
- Profile an application, identify threats, and develop test cases to target identified threats
- Identify and report vulnerabilities in applications and networks
- Manage project timelines, deadlines and expectations, including interactions with business, development, infrastructure and product teams
- Prepare reports documenting identified issues, and findings tracker sheets for applications
- Interact with development and product owners in a collaborative manner to deliver results, provide feedback and remediation recommendations on findings
- Research emerging security topics and new attack vectors
- Write tools and scripts to automate technical processes and make assessments more efficient
- Coach and mentor team members on technical, functional and operational aspects and expertise relevant to application and network security assessments
- 2-4 years of experience required in a relevant Cyber Security role
- In-depth understanding of security issues, exploitation techniques, and remediation measures
- Should have a good understanding of application-level attacks, with hands-on experience in discovering and exploiting issues with/without the assistance of automated tools
- Development knowledge of any current programming languages
- Strong understanding of software and application security
- Strong oral and written communication skills
- Application Security Assessment – In-depth knowledge of web & mobile application attacks and defense strategies (SQL injection, XSS, CSRF, logic flaws, etc.), as well as thick client applications, mobile applications and ERP applications (SAP, etc.)
- Experience analyzing router, switch and firewall rule bases with a focus on security
- Experience in internal & external penetration testing on network infrastructure (including firewalls, routers, switches, etc.), including conducting wireless security assessments
- Certifications like CEH, OSCP, SANS GPEN, CISSP or any other industry accredited security certifications would be preferred
- Understanding of application security guidelines/requirements from OWASP etc.
- Good interpersonal, problem solving, reasoning and analytical skills
- Should have knowledge of risk rating standards like DREAD, CVSS, etc.
- Should have a good understanding of web application architecture and the secure development life cycle (SDLC)