Lead Product Security Engineer

Position Overview

Lead Product Security Engineer is responsible for leading and executing the Security Development Lifecycle (SDL) for Cloud Software Group On-Prem and Cloud products to ensure that our software meets the customer expectation of security robustness and drive and execute SDL best practices

Duties and Responsibilities

• You will be responsible for leading and executing the Secure Software Development Lifecycle (SSDLC) for Cloud Software Group On-Prem and Cloud products to ensure that our software meets the customer expectation of security robustness.




• You will provide guidance to product development teams on design changes as per security requirements.




• Manual Source Code Review primarily C and C++ programming languages




• Crash Exploitability Analysis - Analyze Crashes to Find Security Vulnerabilities using tools such as gdb (Good to have)




• Execute the penetration tests internally to identify security vulnerabilities




• Identify opportunities to prevent security problems at scale, Develop prototypes to prevent these security problems.

Basic Qualifications

• 9+ years of experience in a software security role such as blue team




• You have a Full-time degree in Engineering (Preferably Computer Science related)




• You are an expert in at least one of these areas in security - Unix System, Network, Cryptography




• Strong C, C++ skills , Linux - Linux knowledge (low level preferred).




• Good knowledge of Networking (TCP/IP) and other protocols like HTTP/S, DNS, et. al.




• Basic understanding of File system concepts.




• Experience with object-oriented design concepts.




• Debugging Skills like GDB, core dump analysis and understanding Makefile concepts.




• Extensive knowledge of common vulnerabilities - able to explain and remediate the OWASP Top 10 vulnerabilities across multiple programming languages




• Reverse Engineering (Good to have)




• Fuzzing using tools such as AFL, Peach (Good to have)




• Deep understanding of application architecture and design principles




• Experience in design review and threat modelling activities




• You are capable of writing exploits for vulnerabilities identified in those respective areas.




• Have excellent capabilities to identify security vulnerabilities and perform root cause analysis.




• Good to have certifications such as OSCP, OSCE, GPEN, CRTP etc.