Member of Technical Staff - Information Security at EdgeVerve Systems Ltd

Job Objective

As a Product Security Engineer, you'll play a vital role in ensuring the security of our products, particularly those catering to the financial domain. You'll be responsible for overseeing vulnerability assessments, penetration testing, and contributing to a secure development lifecycle

Key Responsibilities

• Conduct vulnerability assessments and penetration testing on a wide range of critical web applications.
 Leverage SAST and DAST tools to identify and analyze security issues, recommending effective remediation strategies.
• Design and implement secure software systems, ensuring that security is an integral part of the software design process.
• Collaborate with the development team to apply secure design principles and patterns.
 Identify potential security vulnerabilities during the design phase and propose secure solutions.
• Perform security assessments of web services and APIs, including identity and token authentication and authorization mechanisms.
• Deep dive into existing implementations to thoroughly assess security posture.
• Collaborate with the development team to implement secure architecture and design principles.
• Stay up to date on emerging threats like DDoS, ransomware, and supply chain attacks, and implement countermeasures.

Qualification
• 4- 6 years of experience in product and application security with production/cloud experience
• Thorough understanding of HTTPS, TLS 1.2, TLS 1.3, and public/symmetric key cryptography.
• Proficiency in security tools like Burp Suite, Nmap, ZAP, Black duck Hub, NVD, and CVE/CWEs.
• Knowledge of secure implementations on cloud platforms.
• Experience with one or more of the following:
>Front-end technologies such as Angular, React, or JavaScript.
>Back-end technologies such as Java, Node.js, TypeScript, Spring, or C
Bonus Points
Experience in the financial domain.
Experience with OWASP Top 10, SANS Top 25, BDH, and Palo Alto advisories.