Security Engineer

• Conduct manual and automated code reviews to identify security vulnerabilities, focusing on OWASP Top 10, CWE Top 25, and business logic flaws.
  
• Integrate security controls across all stages of the Secure SDLC, from development to deployment. Work with developers to ensure vulnerabilities are caught before code is pushed to production by integrating security checks into the CI/CD pipeline.
  
• Conduct regular security reviews, threat modelling, and risk assessments for applications and infrastructure.
  
• Ensure timely patching, vulnerability mitigation, and compliance with internal security policies.
  
• Work closely with development teams to promote secure coding practices and perform Security Code Reviews (SCR).
  
• Contribute to continuous improvement of DevSecOps pipelines, documentation, and security automation.
  
• Track vulnerabilities identified through security tools and ensure that they are promptly prioritized and remediated.

• Configure, automate and maintain scanning tools like CNAPP Orca, Prisma cloud etc. Or any other on-premise scanning tools applicable.
  
• Automate and maintain security scanning pipelines using tools like SonarQube, OWASP ZAP, Burp Suite Enterprise, Snyk, Trivy, or Checkmarx.
  
• Automate security scans within the build and deployment pipeline (e.g., using Jenkins, GitLab CI, GitHub Actions).
  
• Ensure proper data encryption in transit and at rest and validate key/certificate rotation practices.
  

• Collaborate with developers, DevOps, and security teams to integrate security into the development process.
  
• Collaborate with DevOps and infrastructure teams to ensure runtime hardening, log integrity, and secure configuration baselines in on-premise deployments.
  
• Provide support and mentoring to junior team members on secure coding practices and the use of security tools.

• Ensure code complies with relevant regulatory and security standards such as PCI-DSS, ISO 27001, and internal security policies. Act as first technical responder for product-related incidents; perform root-cause analysis and coordinate patch release within defined SLAs.
  

• Participate in incident response activities and collaborate with teams to remediate identified vulnerabilities

Requirements

• Educational Background: Bachelor’s degree in computer science, Information Security, or a related field.
  
• Experience: 3–4 years of hands-on coding (to fix or co-fix vunerabilites) experience in Application Security, code review, security architecture. Experience in DevSecOps will be added advantage
  
• Strong knowledge of Secure SDLC methodologies and security automation.
  
• Experience integrating SAST, DAST, and SCA tools within CI/CD pipelines.
  
• Good understanding of VAPT processes and coordination with pen testing teams
  
• Technical Proficiency: Strong understanding of programming language Java is must
  
• Proficiency in scripting languages (Python, Bash, or PowerShell).
  
• Understanding of OWASP Top 10, CWE, and common vulnerability management frameworks.
  
• Well versed with Security Frameworks: Industry standards and frameworks such as OWASP, NIST, and SANS.
  
• Soft Skills: Strong communication and interpersonal skills to collaborate with cross-functional teams and stakeholders.
  
• Cloud Security Knowledge: Experience with cloud platforms like AWS, Azure, or GCP and understanding of cloud security best practices.

Benefits

• Cashless medical insurance for employees, spouses, and children
  
• Accidental insurance coverage
  
• Life insurance coverage
  
• Retirement benefits including Provident Fund (PF) and Gratuity
  
• ESI*
  
• Sodexo benefits for income tax savings
  
• Paternity & Maternity Leave Benefit
  
• National Pension Saving