The Application Security Engineer will be in charge of assessing the security of different types of applications developed by Schlumberger teams or acquired from third-party vendors. The engineer works with company development teams or vendors to detect, prioritize and remediate security flaws within the applications, and collaborates with IT and the business to identify and implement appropriate software development related security controls. The role strives to develop a security-oriented mindset throughout the application development cycle, from concept phase through testing and implementation. The engineer will be required to analyse various data security, authentication/authorization, encryption, application-level security and auditing requirements and recommend security mitigations and solutions that integrate with the business.
- Provide mitigation strategies for applications from infrastructure, architecture and secure coding perspectives.
- Perform application security assessment for web, mobile, cloud, thick client and IoT applications
- Perform web services (APIs) penetration testing and analyse communications between client and servers
- Work with development teams and IT staff to review application code and configuration for possible security risks
- Manage application security assessment requests from multiple locations, plan and prioritize testing activities
- Utilize application security scanning tools, interpret reports and validate identified vulnerabilities and associated risks
- Perform different types of application security assessments as needed; this involves application penetration testing, network penetration testing, attack surface evaluation, threat modelling and security design reviews
- Collaborate with development teams across multiple locations to prioritize and remediate vulnerabilities throughout the application lifecycle
- Explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to application development teams or application vendors, and discuss effective defensive techniques
- Check separation of duties and access controls, review accounts management and check SSL certificates
- Perform risk analysis and define prevention and mitigation controls for application vulnerabilities
- Experience in using Docker containers or deploying apps using Kubernetes
- Experience with open-source technologies and cloud services
- Adaptable and willing to learn new technologies, keeps abreast of key developments in relevant technologies
- Applicants must be fluent in English and Hindi.
- Offer technical support where needed such as developing software for our back-end systems, building infrastructure for QA Automation
- Work with CI and CD tools, and source control such as Git and Azure DevOps
- Some experience with Application Security/DevSecOps/Secure code practices
- Strong experience with Linux-based infrastructures and cloud infrastructures: Linux/Unix administration, and AWS/GCP/Azure.
Qualification & Experience:
- 5-7 years’ experience in application security assessment
- Bachelor’s or Master’s Degree (IT, Computer Science, Cybersecurity, Telecommunications, Engineering, etc.) or equivalent experience
Vacancy Type: Full Time
Job Functions: Information Technology
Job Location: Navi Mumbai, Maharashtra, India
Application Deadline: N/A