Talent.com
Lead Application security engineer

Lead Application security engineer

Capillary TechnologiesBengaluru, Karnataka, India
15 hours ago
Job description

Capillary technologies is an enterprise-grade SaaS technology provider. We operate in the loyalty domain where we help our customers to better engage their users to enhance their business outcomes.

To provide assurances to our customers, we comply with ISO 27001, PCI & SOC 2 type standards from information security perspective. On privacy front, we comply with Data Privacy laws of the countries (like GDPR, CCPA, etc) where we provide our services.

We are looking for a Lead, Application Security who can drive the application security function to next level resulting in enhanced security of our product

Job responsibilities :

  • Perform design consultation, architecture review, threat modeling, code review, and testing.
  • Assist in the development of test cases, scripts, procedures for automated security testing as part of CI / CD pipeline
  • Perform application vulnerability assessments
  • Analyze output from security tooling and provide guidance to drive remediation
  • Be part of SDLC processes and provide guidance on increasing security review coverage
  • Identify toolsets and vendors, drive adoption and implementation
  • Consult with development and QA staff to remove false positives and prioritize remediation based on security scanning tools output.
  • Perform tasks related to securing and maintaining the security of applications, tools, and processes.
  • Understand industry trends, best practices and look at their implementation in Capillary

Skills And Expertise

  • 6 + years’ progressive experience in application security domain with at least 2 years in a cloud based / SaaS environment
  • Should have coding experience
  • Should have thorough knowledge of cloud computing especially SaaS concepts
  • Should have worked in devsecops function
  • Understanding and familiarity with common code review methods and standards
  • Knowledge of secure coding patterns and pitfalls in multiple languages
  • Demonstrated experience providing security review of web applications, mobile applications, web APIs and cryptography
  • Experience with static analysis and dynamic analysis tools
  • Experience with offensive security tools and methodologies
  • Penetration testing experience, especially at the application level
  • Expertise with development and test toolsets (source code control, build systems, test automation, ticketing systems)
  • Knowledge of OWASP tools and methodologies
  • Knowledge of modern SDLC practices and security touchpoints in Agile and DevOps
  • Good communication and collaborative skills
    • Create a job alert for this search

    Application Engineer • Bengaluru, Karnataka, India