Greetings everyone,
We hope you are staying safe. We are hiring a Security Engineer to join our Digital Engineering team.
Who are we?
For the past 20 years, we have powered many Digital Experiences for the Fortune 500. Since 1999, we have grown from a few people to more than 4000 team members across the globe that are engaged in various Digital Modernization. For a brief 1 minute video about us, you can check https://youtu.be/uJWBWQZEA6o.
What are we looking for
Security Engineer
Responsibilities:
- Conduct web application security testing on the applications and report the findings to Leadership / Management / Development teams
- Understand the security issues reported by InfoSec teams and work with development teams to make them understand and fix.
- Evangelize application security concepts within development community to help preventing the security vulnerabilities in first place.
Required Skills
- Deep understanding of different web application technologies, web protocols (HTTP, HTTPS, etc.), browser technologies, etc.
- In depth domain understanding of application security in terms of Identity and Access Management (IAM), different authentication technologies (passwords, biometrics, OTP, digital certificates & PKI, device authentication, FIDO U2F/Passkeys, etc.
- Proven expertise on different security testing tools (Proxy tools like Fiddler, Black box security testing tools like Burp, Static Security Code analysis tools,
- Deep understanding of different application security vulnerabilities such as OWASP Top 10, SANS Top 25, CWE, attack patterns (CAPEC), etc.
- Bachelor's Degree in Computer Science or equivalent experience.
- Must be self-directed, able to work independently, as well as work in a team-oriented and fast paced environment
Desired Skills:
- Working experience on different security technologies and standards like Single Sign On (SSO) using SAML/OpenID, OAuth protocols, etc.
- Good understanding of Cryptographic algorithms and standards like Symmetric/Assymetric crypto techniques, digital signatures, JWS/JWE tokens, Hardware Security Modules (HSMs), etc.
- Understanding of Security vulnerabilities related to Cloud environments is an added advantage.
- Well known Security certifications is an added advantage
- Understanding of Threat Modelling concepts and Secure Development Life Cycle processes.
- Mobile Application Security familiarity is desirable.
Thanks & Regards
Praveen Paila
Praveen.pa@photon.com