Talent.com
This job offer is not available in your country.
Senior Engineer - Security Research

Senior Engineer - Security Research

Indus face Private LimitedBangalore
30+ days ago
Job description

Job Description :

  • Create signatures for Indusface WAS & WAF product to detect & protect Web applications vulnerabilities.
  • Research evolving web attacks, CVEs, and evasion techniques targeting web apps and APIs and generate detection logic based on real-world payloads and tools.
  • Build behaviour-based logic, anomaly scoring, and payload inspection for advanced threats.
  • Design and prototype new WAF product security features such as : Bot, DDOS, WAAP, etc.
  • Outstanding problem solving and troubleshooting skills are a must, as solutions to many problems might not be obvious.
  • Drive the end-to-end release process for WAF detection updates and product features.
  • Coordinate with DevOps / Release teams to validate rollout on staging and production.
  • Monitor post-release impact and lead fixes for regressions or tuning issues.
  • Trouble-shooting customer cases & provide timely solutions and write RCAs wherever necessary.
  • Developing Security tools, automation to ease manual / repeated work to increase efficiency in providing the solution.

Candidate Profile :

  • 5-10 years of vulnerability analysis, research and developing IPS / IDS / WAF signature writing experience (Snort experience will be add-on).

    • Good understanding of :

  • Firewalls, proxies, SIEM, antivirus, and IDPS concept
  • Windows & Linux operating systems (REDHAT)
  • Network security, network layers (OSI Layer-3 and Layer-4)
  • Protocols like TCP / IP, DNS, HTTP, HTTPS, SSH etc.
  • Network Penetration testing and techniques
  • Identify and mitigate network vulnerabilities and explain how to prevent them
  • Programming languages like C / C++ or Python

    • Hands-on experience in :

  • Research on 0days, critical vulnerabilities, exploits in wild, discover new vulns
  • Web-app security (SQL Injection, XSS, CSRF etc.), OWASP-10, SANS Top 25
  • Network analysis tools like tcpdump, Wireshark, Burpsuite and assisting tools like Debuggers, Hex Editors, etc.
  • Crafting Regular Expressions, Verification & Validation
  • Vulnerability scanners, IDS / IPS, Application Firewall, VAPT tools : Metasploit, Nessus, etc.
  • Analysing existing or writing new POCs
  • DOS attacks, Bot attacks, API based attacks & its exploitation / testing tools
  • Experience with ML-assisted detection or behavioral security models
  • Contributions to open-source security tools or research publications
  • Certifications (e.g., OSWE, GWAPT, CEH, CISSP) are a plus
  • Effective written and verbal communication skills.

    • Good to have :

  • Knowledge on ModSecurity and Rule writing
  • Understanding of Lua, nginx, Apache
  • Developing security related tools / programs.
  • Knowledge on Cloud infrastructure services, Virtualization software (VMWare , Virtual PC / Virtual Box , XEN , etc)
  • Experience in any of Java, Test NG, Linux Scripting, shell scripting, Python, Perl
  • Experience / Knowledge in Amazon Web Services

    • (ref : hirist.tech)

    Create a job alert for this search

    Senior Security Engineer • Bangalore