Application Security Engineer Job in Schlumberger Limited.

Job Summary

The Application Security Engineer will be in charge of assessing the security of different types of applications developed by Schlumberger teams or acquired from 3rd party vendors. Work with company development teams or vendors to detect, prioritize and remediate security flaws within the applications. Collaborate with IT and the business to identify and implement appropriate software development related security controls. Strives to develop a security-oriented mindset throughout the application development cycle from concept phase through testing and implementation. The engineer will be required to analyse various data security, authentication/authorization, encryption, application level security and auditing requirements and recommend security mitigations and solutions that integrate with the business.

Key responsibilities

• Perform application security assessment for web, mobile, cloud, thick client and IoT applications
• Perform different types of application security assessments as needed; this involves application penetration testing, network penetration testing, attack surface evaluation, threat modelling and security design reviews
• Perform web services (APIs) penetration testing and analyse communications between client and servers
• Check separation of duties and access controls, review accounts management and check SSL certificates
• Perform risk analysis and define prevention and mitigation controls for application vulnerabilities
• Explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to application development teams or application vendor, and discuss effective defensive techniques
• Provide mitigation strategies for applications from infrastructure, architecture and secure coding perspectives.
• Utilize application security scanning tools, interpret reports and validate identified vulnerabilities and associated risks
• Manage application security assessment requests from multiple locations, plan and prioritize testing activities
• Collaborate with development teams across multiple locations to prioritize and remediate vulnerabilities throughout the application lifecycle
• Work with development teams and IT staff to review application code and configuration for possible security risks

Essential qualifications

• Bachelors or Masters Degree (IT, Computer Science, Cybersecurity, Telecommunications, Engineering, etc.) or equivalent experience
• 5-7 years experience in application security assessment
• Applicants must be fluent in English and Hindi.
• Knowledge of scripting languages such as Java, JavaScript, Perl, Ruby, Python, PHP, Groovy, Bash.
• Experience with open-source technologies and cloud services
• Strong experience with Linux-based infrastructures and cloud infrastructures: Linux/Unix administration, and AWS/GCP/Azure.
• Work with CI and CD tools, and source control such as GIT and Azure DevOps
• Offer technical support where needed such as developing software for our back-end systems, building infrastructure for QA Automation
• Experience in using Docker containers or deploying apps using Kubernetes
• Some experience with Application Security/DevSecOps/Secure code practices
• Adaptable and willing to learn new technologies, keeps abreast of key developments in relevant technologies

Schlumberger is the world's leading provider of technology for reservoir characterization, drilling, production, and processing to the oil and gas industry. We have more than 20 years of experience in delivering world-class service to our customers through integrated projects. These projects range from basic service coordination through to complete development and abandonment of fields. To meet the growing needs of our business we are encouraging applications from experienced professionals who share our passion for delivering excellence in all aspects of project delivery.

Schlumberger is an equal employment opportunity employer. Qualified applicants are considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or other characteristics protected by law.