HCL Software Hiring for Product Security Incident Response Engineer

2 - 7 years

0 Lacs

Posted: 6 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Send resumes to: mounika-d@hcl-software.com

About the Role

We are seeking a proactive, technically experienced (3-4 years) PSIRT Engineer. The preferred candidate must have a strong background in software development, security incident response, and code review, in order to detect vulnerabilities in product codebases and third-party integrations.

Key Responsibilities

  • Engage in security incident response for product vulnerabilities, from detection to resolution.
  • Review code routinely to find and prioritise possible weaknesses, bad patterns, or insecure design implementations.
  • Evaluate both internal and external vulnerability reports (e.g., bug bounty programmes, customer disclosures, vulnerability scanners).
  • Work with development teams to reproduce, evaluate, and fix reported vulnerabilities.
  • Keep the PSIRT process running: monitoring CVEs, arranging vulnerability reporting, and creating advisories.
  • Support lessons-learned reviews and root cause analysis to drive post-incident improvement.
  • Keep abreast of the most recent vulnerability trends and of attack and defence strategies.

Required Skills & Experience

  • 3-4 years of experience working in Product Security, Application Security, or PSIRT.
  • Good knowledge of C, C++, Java, Python, or Go (capable of conducting reviews).
  • Familiarity with the use of static and dynamic code analysis tools (e.g., AppScan, Klocwork).
  • Understanding of software vulnerability types (e.g. buffer overflows, XSS, SQLi, CSRF, race conditions).
  • Practical experience with CVSS scoring, CVE management and coordinated disclosure.
  • Knowledge of threat modelling and the secure development lifecycle (SDLC).
  • Sound knowledge of network protocols, APIs and operating systems (Linux/Windows).
  • Good communication and documentation skills to liaise between the engineering and product teams.

Preferred / Nice-to-Have

  • Experience with open-source vulnerability scanning tools (e.g., Snyk, Dependency-Check, Trivy).
  • Reverse engineering/binary analysis knowledge (e.g. Ghidra, IDA Pro).
  • Exposure to incident management models (FIRST, ISO 30111, ISO 29147).
  • Certifications such as CEH or Security+ are an advantage.
  • Past contributions to security advisories or open source PSIRT programmes.

Soft Skills

  • Critical thinking and attention to detail.
  • Close cooperation and interaction with cross-functional teams.
  • Effective prioritisation and handling of several incidents at once.
  • A love of continuous learning in product security.

HCLTech

Information Technology Services

New Delhi
