Security Engineer - VAPT (7-10 yrs)

Key Responsibilities :

Application Security (AppSec) :

- Conduct security reviews (static/dynamic analysis - SAST/DAST) of application code and designs throughout the SDLC.

- Perform penetration testing and vulnerability assessments of web and mobile applications.

- Work with development teams to remediate identified security vulnerabilities and implement secure coding best practices.

- Integrate security tools and processes into CI/CD pipelines (DevSecOps).

Cloud Security (CloudSec) :

- Design, implement, and enforce security controls within our cloud environments (AWS, Azure, or GCP).

- Conduct cloud security assessments, configuration reviews, and identify misconfigurations.

- Monitor cloud security posture, analyze logs, and respond to security incidents in cloud infrastructure.

- Manage identity and access management (IAM) policies, network security groups, and encryption strategies in the cloud.

Security Audits & Compliance :

- Assist in security audits, compliance assessments (e.g., SOC2, ISO 27001), and risk management activities.

- Develop and update security policies, procedures, and guidelines.

Incident Response (Basic) :

- Participate in security incident response activities as needed, including investigation and containment.

- Promote security best practices and conduct security awareness training for development and operations teams.

- Evaluate, implement, and manage security tools and technologies.

Required Skills & Qualifications :

Experience : 3 to 7 years of hands-on experience in Information Security, with a focus on Application Security and/or Cloud Security.

AppSec Expertise :

- Familiarity with common web application vulnerabilities (OWASP Top 10) and mitigation techniques.

- Experience with SAST/DAST tools (e.g., SonarQube, Fortify, Checkmarx, Burp Suite).

- Understanding of secure coding principles in at least one programming language (e.g., Java, Node.js, Python).

CloudSec Expertise :

- Hands-on experience securing resources on at least one major cloud platform (AWS, Azure, or GCP).

- Knowledge of cloud security services (e.g., AWS WAF, Security Hub, Azure Security Center, GCP Security Command Center).

- Understanding of cloud networking, identity management (IAM), and data encryption in cloud environments.

- Security Fundamentals : Strong understanding of fundamental security concepts (e.g., authentication, authorization, encryption, network security).

- Vulnerability Management : Experience with vulnerability assessment and management.

- Scripting : Basic scripting skills (e.g., Python, Shell) for automation of security tasks.

- Problem-Solving : Excellent analytical and problem-solving skills, with a proactive approach to security challenges.

- Communication : Strong verbal and written communication skills to explain technical security concepts to diverse audiences.

Education : Bachelor's degree in Computer Science, Information Security, or a related engineering field.

Preferred Qualifications :

- Relevant security certifications (e.g., OSCP, CEH, CompTIA Security+, CCSK, CCSP, AWS/Azure/GCP Security Specialty).

- Experience with DevSecOps practices and integrating security into CI/CD pipelines.

- Knowledge of container security (Docker, Kubernetes).

- Familiarity with compliance frameworks (e.g., GDPR, HIPAA).

- Experience with penetration testing methodologies and tools