Job Description Strategy is a pioneering organization dedicated to transforming businesses into intelligent enterprises through data-driven innovation. As a market leader in enterprise analytics and mobility software, we have revolutionized the BI and analytics space, empowering individuals to make informed decisions and reshaping the operational landscape of businesses. Additionally, Strategy is at the forefront of a groundbreaking shift in treasury reserve strategy by boldly adopting Bitcoin as a key asset, solidifying our position as an innovative force in the market. Join us in our mission to redefine financial investment and push the boundaries of analytics. At Strategy, we value our people as the cornerstone of our success. Join a team of smart, creative minds engaged in dynamic projects with cutting-edge technologies. Our corporate values bold, agile, engaged, impactful, and united form the foundation of our culture. As we navigate the new era of AI and financial innovation, we foster an environment where every employee's contributions are recognized and valued. Become a part of an organization that thrives on innovation and challenges the status quo every day. Job Location: Pune, India (Full-time in person from Strategy Office, European Hours) Join Strategy's IT Security group as a Senior Application Security Engineer and play a pivotal role in safeguarding Strategy's software applications using modern security and AI tools. In this role, you will be responsible for implementing innovative security practices throughout the software development lifecycle to ensure the resilience of our software products against emerging threats and vulnerabilities. Your responsibilities will include: - Designing and implementing application security architecture and processes aligned with industry best practices and regulatory requirements. - Managing a risk-balanced Secure Software Development Life Cycle (SDLC) by incorporating threat modeling, secure code reviews, and security testing. - Identifying, triaging, and remediating security vulnerabilities through various security testing tools. - Performing advanced penetration testing and red teaming across web, mobile, and cloud applications. - Analyzing source code and providing security recommendations to developers to ensure adherence to secure coding best practices. - Leading and enhancing DevSecOps initiatives by integrating security automation within CI/CD pipelines. - Leading security incident response related to applications and collaborating with engineering teams for effective threat remediation. - Developing and leading customized security training programs for engineering teams. Qualifications: - Bachelor's degree in Computer Science, Engineering, or related field. - Minimum 5 years of software development or software security experience in an agile environment. - Hands-on experience with various security testing tools. - Deep knowledge of API security, containerized applications, AI/ML security risks, and infrastructure as code security. - Fluent in programming languages such as Python, Java, JavaScript. - Strong understanding of secure coding principles, application security frameworks, and security standards. - Experience with cloud security best practices in AWS, Azure, or GCP. - Strong interpersonal skills and ability to collaborate effectively with technical and non-technical stakeholders. - Experience mentoring junior engineers and leading security champions within development teams. Join Strategy and be a part of an organization that values innovation, excellence, and collaboration in shaping the future of analytics and financial investment.,
Join our dynamic team at Strategy as an Application Security Engineer and contribute significantly to the protection of our software applications by utilizing modern security practices and AI technologies. In this role, you will be instrumental in incorporating security measures throughout the software development lifecycle to ensure the robustness of our software products against potential vulnerabilities. Your responsibilities will include: Secure SDLC Integration: Collaborate closely with development teams to embed security practices into the software development lifecycle, encompassing threat modeling, secure code reviews, and security testing. Vulnerability Management: Identify, assess, and address security vulnerabilities through static and dynamic application security testing (SAST/DAST) as well as software composition analysis (SCA) tools. Security Assessments & Penetration Testing: Conduct both manual and automated penetration testing of web, mobile, and cloud applications to identify security weaknesses. Secure Code Review: Scrutinize source code and offer security recommendations to developers to ensure compliance with secure coding best practices. Threat Modeling & Risk Analysis: Perform threat modeling to predict potential attack vectors and enhance security architecture. DevSecOps Enablement: Support and enhance DevSecOps initiatives by integrating security automation into CI/CD pipelines. Incident Response & Remediation: Aid in investigating security incidents related to applications and collaborate with engineering teams to mitigate threats. Security Awareness & Training: Educate and guide developers on OWASP Top 10, SANS 25, and other security best practices. As an Application Security Engineer at Strategy, you will be based in Pune, India, working full-time in person from the Strategy Office a minimum of 4 days per week. Qualifications: - Bachelor's degree in Computer Science, Engineering, or related field - Minimum 2 years of software development or software security experience in an agile environment - Proficiency with SAST, DAST, IAST, and SCA tools (e.g., Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP) - Fluency in one or more programming languages like Python, Java, JavaScript - Strong understanding of secure coding principles and application security frameworks - Knowledge of security tools, standards, and regulations (e.g., OWASP, NIST) - Experience with Generative AI and/or ML for innovative applications and cloud security best practices in AWS, Azure, or GCP - Strong work ethic, effective collaboration skills, and ability to communicate technical concepts clearly Please note that the recruitment process includes online assessments as the initial step (English, logic, design, technical), which will be sent via email. Kindly check your inbox, including the spam folder, for these assessments.,