Senior Security Engineer-Remote-Application Security, DASt SAST,

Role & responsibilities

• Perform Grey box /white box penetration testing using tools and Manual methods , up to date expertise on vulnerabilities , exploits in real time
• Perform in a Security Engineer drive security architecture of the cutting-edge technology underlying web and services to define and implement secure by default and defense in depth strategies
• Partner with the developer teams developing our services and contribute security expertise to the architecture and design of Audible systems.
• Design, implement and maintain system(s) and or tool(s) to provide assurance around Cloud security controls (AWS)
• Responsible for deploying, configuring, and maintaining security baselines within the AWS cloud environment.
• Expertise in any of the programming language Scala, NodeJS , C# or Java .
• Apply cloud security knowledge of the latest industry trends and best practices to support deployment of cloud-based solutions.
• Implement core and cloud infrastructure security to manage risks and exposure.
• Conduct Proof of Concepts (POCs) and assist in production implementations.
• Analyze network architectures and topologies to assess security risks.
• Perform cyber reconnaissance to discover potential attack surface areas.
• Apply your security and business knowledge to drive secure and pragmatic improvements broadly to Audible services, making technical trade-offs between short versus long term security and business goals
• Consult on and provide security requirements for critical projects and initiatives.
• Initiate and conduct project security reviews to identify cloud infrastructure security risks.
• Conduct technical research when necessary to contribute to cloud security direction and strategic planning.
• Provide guidance and best practices to other engineering teams on Cloud security best practices.
• Hands on experience in Terraform coding and Penetration testing
• Knowledge in OWASP, NIST, CIS security frameworks for web and API design

Required Qualifications:

• Bachelors degree or higher.
• 5+ years AWS cloud security experience with building, delivering, and managing PaaS architectures.
• Experience in applying security to cloud technologies (Managing secrets, Securing CD pipeline, Secure Infrastructure as Code (Terraform), Container Security, DevSecOps and CI/CD Implementation, tools integration
• 3+ years of experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services.
• Demonstrated industry level security competence via the attainment at least one high-level profession security certification such as ISC2 CISSP, GIAC Security Essentials Certification (GSEC), GIAC Penetration Tester Certification (GPEN), GIAC Web App Pen Tester (GWPN).
• Excellent understanding of network concepts including firewalls, routing, NACLs, segmentation, remote access, proxy, transport protocols, Application security , OWASP , SANS
• Knowledge of application development, systems engineering, and network engineering to develop security requirements and best practices and enterprise risk assessment methodologies.
• Ability to multi-task across systems and roles, as needed.

Preferred Qualifications

• Bachelors or Master degree in Computer science , Cyber Security
• AWS Certified Security–Specialty certification, CISSP,OSWE
• At least two year experience using Python, or Java to automate operations or security functions.
• Experience with Authority to Operate (ATO) processes and documentation, SSPs, Security Controls.
• Expertise in Application penetration testing , real-time exploit scripting, tool experience
• Location requirements: India.

Preferred candidate profile