Description
Key Skills: OWASP Top 10, VAPT, SSDLC, DevSecOps, SAST, DAST, SCA, Threat Modeling, Java, Python
Good to Have Skills: Knowledge of containerization and orchestration (Docker, Kubernetes), expertise in threat modeling and secure architecture reviews, strong understanding of Agile and secure development practices, familiarity with security tools such as Checkmarx, Burp Suite, Nuclei and AI penetration testing tools. Experience with Azure infrastructure, including compute, networking, storage, and basic security services. Preferred certifications: OSCP, CEH, ECSA, or other industry-recognized security certifications.
Roles & Responsibilities:
- Implement and enforce Secure Software Development Lifecycle practices across all technology projects to proactively identify and mitigate security risks.
- Conduct VAPT for applications, APIs, and desktop applications, aligned with OWASP Top 10 for Web and API Security.
- Perform AI/LLM security testing based on OWASP Top 10 for LLMs to ensure comprehensive security coverage.
- Lead threat modeling using STRIDE methodology and security architecture reviews, ensuring adherence to CIA and AAA principles.
- Perform secure code reviews and manual/automated security testing to identify vulnerabilities and drive timely remediation in collaboration with engineering teams.
- Develop and maintain CI/CD security pipelines using Jenkins-based jobs to integrate security into development workflows seamlessly.
- Support internal and external audits including ISO 27001, ISO 42001, SOC 2, and FedRAMP compliance requirements.
- Collaborate closely with product and engineering teams to drive the product security program objectives and ensure security best practices.
- Communicate security risks effectively to diverse stakeholders and recommend appropriate mitigation strategies for identified vulnerabilities.
- Participate in customer and vendor meetings to address security-related clarifications and issues as required by business needs.
Experience Required: Minimum 5 to 6 years of experience in Product Security
Education: Bachelor's or Master's degree in Computer Engineering or Information Science