AppScan Product - Lead Security Expert - Remote Location

0 years

0 Lacs

Posted: 4 days ago | Platform: LinkedIn

Work Mode

Remote

Job Type

Full Time

Job Description

Greetings from “HCL Software”, a Product Development Division of HCL Tech!!


“HCL Software” is a Product Development Division of HCL Tech that operates its primary Software Business. At HCL Software we develop, market, sell and support over 20 product families in the areas of Customer Experience, Digital Solutions, Secure DevOps, Security & Automation.

About AppScan Product: "HCL AppScan"

Work Preference: Hybrid or Remote.


Job Summary

We are looking for a Lead Security Expert with 10+ years of experience for our AppScan Product team who possesses the following skills:

Key responsibilities include:

- Discovering new vulnerabilities in application source code.

- Developing automatic vulnerability detection procedures.

- Demonstrating familiarity with at least one programming language (e.g., Java, C/C++, .NET) and multiple operating systems/RDBMS.

- Providing security guidance for our products across new programming languages and frameworks.

- Innovating and improving the security logic of AppScan products.

- Collaborating with AppScan Research Lab teams.

- Analysing AppSec results and identifying false positives.

- Prioritizing high-priority issues based on severity and likelihood of exploit.

- Understanding remediation techniques for various languages and frameworks.

- Executing Source Code Analysis, Reverse Engineering, and Threat Modelling.


Desired skills and experience:

- Experience with Static Analysis (SAST) tools and triaging application security results.

- Proficiency in security remediation techniques and secure coding best practices.

- Expertise with security standards like OWASP Top 10 and CWE/SANS Top 25.

- Ability to articulate security threats to developers or auditors.

- Ability to identify and provide examples of false positives and negatives in source code.

- Experience with multiple operating systems and software attack/exploitation techniques.

- Familiarity with defensive programming concepts.


Advantageous skills:

- Experience with scripting or query languages (e.g., JavaScript, Python).

- Experience creating Data and Process Flow diagrams.

- Knowledge of Taint Analysis.

- Experience with Architectural Risk Analysis, Threat Modelling, and Traceability Matrix.

- Experience with reverse engineering and source-level analysis.

- An academic degree in Computer Science.

- Relevant certifications (e.g., OSWP, OSCP).


Other beneficial skills:

- Security analysis of popular APIs/frameworks.

- OO design skills, API/Framework analysis, Data Structure Algorithms/Graph Theory/Cryptography.

- Experience with Open Source/Software Composition tools, Threat Modelling, or network security.

- Membership in security-focused groups.

- Professional or academic experience with Machine Learning or AI.

- Knowledge of Networking, Telecommunications technologies, and protocols.

- Strong reporting, presentation, and communication skills.

- Experience working with distributed cross-functional teams and identifying/escalating risks.

- A bachelor’s degree in computer science or equivalent.
