US Citizen
Green Card
EAD (OPT/CPT/GC/H4)
H1B Work Permit
Corp-Corp
Consulting/Contract
UG :- - Not Required
PG :- - Not Required
No of position :- ( 1 )
Post :- 13th Aug 2022
We are looking for an Application Security Engineer with 8+ years of extensive experience & knowledge in developing secure solutions & reviewing security designs for Cloud and hybrid applications.
The individual will possess a strong understanding of application technology stack, public cloud service offerings, development methodologies and their respective security controls. He will also possess a keen eye for detail and be able to identify security issues in application architecture and help provide secured solution options.
Essential Functions:
• Be the representative of the global Application Security Group in the Enterprise Cloud
Migration teams and help build secure cloud solutions from the start.
• Conduct application design reviews being part of the Cloud Migration pods and identify
threats and potential security issues and help the teams design practical secure solution to mitigate the threats.
• Stay current with attacks, industry trends and threat mitigation measures in the application and cloud security space
• Communicate timely and accurately - project related security risks and countermeasures to information to relevant parties
• Be creative and innovate secure solutions when faced with a new challenge
• Create secure patterns and reference architectures
Required Skills/Experience:
• In depth knowledge of OWAP Top 10, SANS CWE top 25, Cloud (Security) Controls Matrix,
NIST Cyber Security Framework (Cloud and Applications), API Security issues and
countermeasures and other application-level risks and attacks.
• Expertise in SAST, DAST, IAST, RASP, WAF and related technologies
• Expertise in application security best practices for public cloud environment, DevSecOps
principles, serverless architecture, microservices and popular open-source frameworks for
Cloud usage (Azure knowledge is a plus)
• In depth knowledge of Container technologies such as Docker, Kubernetes and Container security issues, best practices and Cloud Security tools (e.g. Prisma Cloud)
• Good understanding of CI-CD pipeline tools, processes and CI-CD security controls including infrastructure as code
• Experience in HTML, Java, JavaScript, and .Net, and scripting languages like Python, C Shell, Perl etc.
• Overall good understanding of Authentication and Authorization protocols, Cryptography, key management, logging, network security controls, secure configuration settings etc.