Requirements
Security Engineer with a strong background in Java (Full Stack) based software development, Spring MVC, Spring Boot, Spring Security, and Hibernate, including secure software development practices.
Hands-on experience in source code reviews, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and API security.
8+ years of experience
5+ years of development experience designing and deploying software systems in Java, building robust and high-availability systems for critical business operations.
Minimum 3+ years of experience in designing and implementing security solutions for Java-based applications and APIs.
Understanding of cryptography and hands-on experience implementing it.
Deep understanding of secure coding standards and vulnerability remediation.
Exposure to microservices development.
Key Responsibilities:
Ensure the security robustness of applications by promoting integration of security into the software development lifecycle (SDLC) and providing necessary inputs to the development team.
Participate in threat modelling and security design reviews.
Conduct manual and automated source code reviews to identify security vulnerabilities and coding issues.
Integrate and manage SAST tools (e.g., SonarQube, Fortify, Checkmarx) within CI/CD pipelines.
Analyse the Application Security Test reports and identify and eliminate possible false positives. If required, coordinate with the development team to confirm before elimination.
Collaborate with Development teams to remediate vulnerabilities and implement secure coding practices.
Ensure API security through proper authentication, authorization, rate limiting, and input validation.
Coordinate with Software Developers in validating and mitigating observations in DAST assessments using tools like WebInspect, Burp Suite, OWASP ZAP, etc.
Mentor junior developers on secure coding standards and best practices.
Stay updated with the latest security trends, vulnerabilities, and mitigation techniques.
Required Qualifications:
B.E./B.Tech. in CS/IT/ECE/EEE, MCA, or M.Sc. CS/IT full-time course from a reputed institute with a good academic track record.
8+ years of experience in Java development with a focus on secure coding including designing and implementing security solutions.
Strong understanding of OWASP Top 10, CWE, and other security frameworks.
Experience with SAST/DAST tools and interpreting their results.
Familiarity with API security standards (e.g., OAuth2, JWT, OpenAPI).
Experience with DevSecOps practices and CI/CD integration.
Preferred Qualifications:
Certifications such as OCJP, CSSLP (ISC2), OSCP (OffSec).
Exposure to secure SDLC frameworks and governance, such as OWASP SAMM and the NIST SSDF.
Exposure to microservices deployments handling east-west and north-south traffic preferred.
Exposure to containerization and orchestration technologies, including Docker and Kubernetes, for deploying and managing scalable, secure, and resilient applications in distributed environments.
The last date to apply is 13-12-2025.