We are looking for a Software Security Specialist to work as part of our Development and Delivery teams in India. The role involves participation in Product Development, Deployment and Support phases to ensure secure software development and compliance to security standards including ISO 27001.
Key tasks include:
- During Development phase:
  - Understand the product architecture, design and implementation.
  - Identify security gaps in existing product by auditing and performing standard tests in-house.
  - For identified security gaps in the product, provide solutions to developers to close gaps.
  - Review the design changes and implementation for any new requirement from a security perspective to ensure strong security compliance.
- During Deployment and Support phases:
  - Implement the necessary configuration within the OS and application layer to secure our platform in a heavily regulated environment.
  - Perform security audit of our solutions installed at customer locations.
  - Discuss and resolve any issues which may be identified in customer audits or penetration tests.
  - Create standard instructions for Security hardening for Cerillion deployments.
- During Sales phase:
  - Help pre-sales team fill in security related responses to RFIs.
  - Discuss security matters with potential customers to assure them our system is secure.
Minimum of 6 years of experience working with software systems at O.S., Network, Database and application level, with at least 4 years of that in the Software security domain. Extensive experience in Vulnerability Assessment and Penetration testing, Web Application security.
Competencies/capabilities – technical/professional
- Extensive experience of 6-8 years in Vulnerability Assessment and Penetration testing, Web Application security.
- Solid understanding of OWASP, secure coding and security testing.
- Strong understanding of OWASP top 10.
- Understanding of ISO 27001 from a software perspective.
- Strong experience in auditing companies and systems for compliance to OWASP, ISO 27001.
- Experience in automated web application vulnerability scanners like Burp Suite, HP WebInspect, OWASP ZAP, etc.
- Strong technical skills to understand software systems and vulnerabilities at API level, database level, network level, O.S. level, application level etc.
- Applied knowledge of encryption technologies and standards.
- Ability to discuss and negotiate with customers about security issues in these areas.
- Knowledge of standard Penetration tests at OS, Network, Database level etc.
Educated to degree level or better.