Lead Application Security Engineer

  • SaaS Operations
  • Hyderabad, India

Job description

About Us

Headquartered in Silicon Valley, with offices located worldwide, OpsRamp is a modern SaaS platform company that’s just entered its next stage of growth with new investment from Morgan Stanley, HPE and Sapphire Ventures. We’re disrupting the $28 billion-dollar market of IT operations management, fundamentally changing how IT teams support the business through infrastructure management.

As one of Forbes’ Top Cloud Computing Companies to Work For, we’re working to upend the old way of discovering, monitoring, managing, and automating IT infrastructure with tomorrow’s innovations like artificial intelligence, cloud capabilities, and more. We’re building the best team of innovators, thinkers, and doers in technology to realize the future of digital operations and bring it to life. It’s truly the dawn of a new era for a major market, and we’re in the center of it. Are you ready to join the future of IT operations?

Requirements

Experience required: 8-12 years

• Strong knowledge of the OWASP Top 10, SANS Top 25 and WASC security standards, and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, Insecure Direct Object Reference, clickjacking, buffer overflows, etc.

• Experience in manual application penetration testing of web-based applications, thick-client applications, mobile applications, web services and APIs, as well as DAST, SAST, etc.

• Should have performed manual mobile application penetration testing on platforms such as Android, iOS, etc., covering both client- and server-side applications.

• Should have knowledge of risk-rating standards such as DREAD, CVSS, etc.

• Should have a good understanding of web application architecture and the secure development life cycle (SDLC), plus 2+ years of experience in Java web application development.

• Experience with automated web application vulnerability scanners (e.g., AppScan, WebInspect, Acunetix, Burp Suite Pro, etc.) is desirable.

• Should have prepared audit reports and findings tracker sheets for applications.

• Should be used to researching the latest security best practices, reading up on new threats and vulnerabilities, and disseminating this information within the team as well as the organization.

• Perform black-box / grey-box external network VA/PT assessments following structured phases.

• Familiarity with SOC 2 Type 2, ISO 27001 and PCI-DSS.

• Experience in security automation and security review in cloud infrastructure (AWS, Azure).

• Certifications: OSCP (preferred), OSWE (preferred), CEH, Security+, CCNA Security, etc.