Application Security Engineer
We are looking for an experienced, motivated, and energetic Application Security Engineer who will be part of a fast-paced team. You will perform application security assessments, validate vulnerability scans, perform code and architecture reviews, and serve our software and DevOps engineers by providing help and guidance in secure software development.
- Review, validate, and triage scan results from SAST, SCA, DAST, and IAST tools, and coordinate with engineering to ensure findings are remediated.
- Administer, configure, and support application security testing tools.
- Support efforts to research and vet new AST tools as needed.
- Continuously shift left to anticipate, catch, and/or mitigate security flaws as early as possible in the SDLC.
- Forever learn; stay current on application security tools, practices, and methodology.
- Partner with DevOps and other engineering team members to ensure code is secure before it goes into production. Design and implement automated DevSecOps practices into product CI/CD pipelines and cloud environments.
- Design and implement software changes to support alignment with compliance standards (SOC2, HIPAA, PCI, etc.).
- Advocate for and improve security throughout the SDLC.
- Provide training and mentorship on secure coding best practices to engineering team members.
- Be a champion of security within the organization by defining best practices and pushing for both technical and cultural change.
- Act as a subject matter expert in secure engineering practices. Consult with development to provide mentorship and recommend secure design patterns.
- Remain ahead of emerging and active threats: review and apply the latest security research / threat intelligence.
- Support 3rd-party pen testing engagements as needed for compliance, etc.
- Flexibility to work across other Application defense areas like WAF (Web Application Firewall), API Security, etc.
- Flexibility to work across development teams in India and US and be a trusted partner with the Engineering teams.
- 1-3 years of experience in software engineering.
- Experience with one or more major programming languages (C#/.NET, Java) and scripting languages (e.g., bash, PowerShell, and/or Python).
- Solid understanding of the full web application technology stack, from front-end JavaScript and SPA architecture to server-side business logic and relational/NoSQL databases.
- Must be able to work well with software development teams.
- Understanding of SDLC and Agile/Scrum process frameworks, and ability to advocate for and shepherd application security initiatives within that context.
- Familiarity with application security testing approaches (SAST, DAST, IAST, etc.) and tools (Burp Suite, ZAP, SonarQube, Rapid7 InsightAppSec, Synopsys Coverity, etc.).
- Familiarity with DevOps and CI/CD platforms, tools, and best practices, such as Docker, Kubernetes, IaC.
- Familiarity with cloud service providers and their offerings, especially Microsoft Azure and IBM Cloud.
- Familiarity with API security best practices.
- Understanding of industry compliance standards, such as HIPAA and PCI DSS.
Data Modeler
We are looking for Data Modeler engineers to be a part of our growing and fast-paced team.
- At least 2-3 years of experience working on data modeling-related work.
- Proficient with Entity-Relationship Diagrams (ERD) and Dimensional Modeling (Star and Snowflake schemas).
- Proficient in SQL.
- Proficient in MSSQL and/or Snowflake.
- Experience using GitHub for version control and collaboration in data projects.
- Experience with Jira for task management and task tracking.
- Familiarity with DBT (data build tool).
- Flexibility to work across development teams in India and US and be a trusted partner with the Engineering teams.