Product Security Engineer

Hiring for a leading American technology company most known for its postage meters and other mailing equipment and services, and with expansions into e-commerce, software, and other technologies.

• Ethically hack applications to find security vulnerabilities.
• Create security solutions in support of product line development.
• Supply expert knowledge in the fields of security, privacy, and identity and the related issues, systems, processes, products, and services and provide security advisory to product development teams.
• Implement proof of concepts of new security technologies that will be incorporated into products.
• Execute the design and implementation of products to ensure appropriate and effective security and data protection controls are included.
• Drive secure software development techniques for applications.
• Execute static and dynamic analysis of software and work with teams on remediation of findings. 

• B.Tech/B.E. OR PG – M.S. / M.Tech
• 2-4 years of Security Experience Required.
• CISSP, CSSLP certifications required, (or is currently using related knowledge in existing projects, ability and existing personal goal to complete certification within six months of hire – this is a must)
• Offensive security experience is MUST; Bug Bounty Hunting experience is preferred.
• Ethical Hacker- should be able to use Automated DAST tools against Web Application, Web Services and Mobile Applications (Android (MUST), iOS)
• Work in SAST tools such as Checkmarx CxSAST, CxOSA, and HP Fortify etc. a big plus
• Demonstrated ability to work in a fast-paced multi-tasking Agile environment
• Demonstrated technical leadership and teamwork skills encompassing internal and external resources.
• Demonstrated excellence in English communication skills with multiple stakeholders: clients, management, employees, and vendors.
• Experience with AWS security features is added advantage
• Experience with Docker security reviews is added advantage
• Experience with Automation using Jenkins/ TeamCity for integration of security tests in CI/ CD
• Network security experience with proxy services and SSL/TLS is preferred.
• Experience with Cloud based WAF & DDOS Solutions.