Greetings from "HCL Software", a Product Development Division of HCL Tech!

"HCL Software" is a Product Development Division of HCL Tech that operates its primary Software Business. At HCL Software we develop, market, sell and support over 20 product families in the areas of Customer Experience, Digital Solutions, Secure DevOps, Security & Automation.

About AppScan Product :
"HCL AppScan" is a comprehensive suite of Application Security Solutions for developers, DevOps, security teams and CISOs, with on-premises, on cloud, and hybrid deployment options. The suite includes various security tools that offer features such as vulnerability scanning, code analysis, and real-time threat detection, providing significant benefits in protecting software applications throughout their lifecycle.

Office Location : HCL Software, Bangalore.
Work Preference : Hybrid Or Remote.

Job Summary :
We are looking for a Lead Security Expert with 10+ years of experience in our AppScan Product team who possesses the following skills.

Key responsibilities include :
- Discovering new vulnerabilities in application source code.
- Developing automatic vulnerability detection procedures.
- Demonstrating familiarity with at least one programming language (e.g., Java, C / C++, .NET) and multiple operating systems / RDBMS.
- Providing security guidance for our products across new programming languages and frameworks.
- Innovating and improving the security logic of AppScan products.
- Collaborating with AppScan Research Lab teams.
- Analysing AppSec results and identifying false positives.
- Prioritizing high-priority issues based on severity and likelihood of exploit.
- Understanding remediation techniques for various languages and frameworks.
- Executing Source Code Analysis, Reverse Engineering, and Threat Modelling.

Desired skills and experience :
- Experience with Static Analysis (SAST) tools and triaging application security results.
- Proficiency in security remediation techniques and secure coding best practices.
- Expertise with security standards like OWASP Top 10 and CWE / SANS Top 25.
- Ability to articulate security threats to developers or auditors.
- Ability to identify and provide examples of false positives and negatives in source code.
- Experience with multiple operating systems and software attack / exploitation techniques.
- Familiarity with defensive programming concepts.

Advantageous skills :
- Experience with scripting or query languages (e.g., JavaScript, Python).
- Experience creating Data and Process Flow diagrams.
- Knowledge of Taint Analysis.
- Experience with Architectural Risk Analysis, Threat Modelling, and Traceability Matrix.
- Experience with reverse engineering and source-level analysis.
- An academic degree in Computer Science.
- Relevant certifications (e.g., OSWP, OSCP).

Other beneficial skills :
- Security analysis of popular APIs / frameworks.
- OO design skills, API / Framework analysis, Data Structure Algorithms / Graph Theory / Cryptography.
- Experience with open-source / Software Composition tools, Threat Modelling, or network security.
- Membership in security-focused groups.
- Professional or academic experience with Machine Learning or AI.
- Knowledge of Networking, Telecommunications technologies, and protocols.
- Strong reporting, presentation, and communication skills.
- Experience working with distributed cross-functional teams and identifying / escalating risks.
- A bachelor's degree in computer science or equivalent.
Lead Product • Tirunelveli, Tamil Nadu, India