Security Engineer Job in Xenonstack

Job Summary

We are looking for a Systems Security Expert with emphasis on WLAN/networks/web applications/penetration testing. You must be passionate about security and staying ahead of all possible threats to the system. You will be working with our development team to ensure that our network and technology stack is watertight. You will become thoroughly familiar with our architecture, helping to direct its development. You will provide regular reports of potential vulnerabilities and risk profiles. Good communication skills are critical to efficiently coordinate with our team and build a secure end product.

Responsibilities

• Experience in VAPT Applications, Network, and Cloud Technologies.
• Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments (injection, privilege escalation, fuzzing, buffer overflows, etc.)
• Ability to analyse vulnerabilities appropriately characterizes threats, and provide sound remediation advice
• Familiarity with commercial testing applications (i.e. Burp, dbProtect, Acunetix, SonarQube)
• Advanced knowledge of network protocols and network monitoring like "sniffing" (e.g. Wireshark, tcpdump)
• Strong knowledge of tools used for Thick clients, web application, and mobile security testing.
• Hands-on knowledge on OWASP top 10, SANS Top 20. Strong understanding of PCI DSS.
• Coding/scripting experience (Python, Ruby, C, Assembly, Bash, PowerShell, etc.)
• Work with the team to plan, prepare, execute, and summarize the security testing
• Work with team in delivering and implementing consistent test disciplines and processes using associated best practices across the program.
• Knowledge of debuggers, disassemblers, binary patch diffing (e.g. BinDiff).
• Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.
• Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
• Security testing- Penetration security/ Infrastructure security/ cloud security/Devsecops security/ Application security

Skills

• Knowledge of administration of Microsoft based systems, Linux/Unix based systems
• Knowledge on network protocols and packet analysis
• Experience with various DBMS.
• Strong written and verbal communication skills
• Experience with incident handling process and procedures
• Understanding and experience with risk and compliance (GRC) concepts / tools.
• Should have Engineering/MCA/Other Security related certifications as base qualifications
• Certifications such as : CISSP, CISA,CISM, CEH, ISO27001:2013 LA
• Hacking skills/penetration security/automation and scripting/security flaw/bug finding/ server hardening- Cross OS/Application security/Infrastructure security

Education

B.E/B.Tech in Computer Science or related technical degree or M.S/M.Tech in Information Security.

Keywords