As an Application Security Engineer, you will design, implement and maintain secure software applications. Your primary responsibility is to identify and mitigate security vulnerabilities in the application to ensure confidentiality, integrity and availability of data.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
Essential Duties and Responsibilities
- Identify potential security risks and vulnerabilities in software applications by conducting various security assessments such as threat modelling, penetration testing and vulnerability scanning
- Design and implement security controls such as access controls, encryption and authentication mechanisms to protect applications
- Provide guidance and recommendations to developers and project managers on best practices for secure application development and help them understand security requirements.
- Review code to identify security vulnerabilities and ensure that code meets security standards
- Have a background in code development or source code review.
- Experience in using tools like Veracode, Acunetix, SonarQube
- Understand and recognize common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF. In-depth knowledge of OWASP Top 10 and CWE Top 25
- Good experience with SAST and DAST
- Knowledge of database security testing.
- Can lead major security initiatives and drive projects to completion
- Have a deep knowledge of key security concepts such as authentication, authorization, encryption, role-based access control, and security by design
- Have the ability to explain sophisticated security problems and provide expert advice on secure design practices
- Good to have knowledge of HIPAA
- Excellent written and verbal communication skills
- Sharp analytical abilities and proven design skills
Work location is Hyderabad, Telangana