


Software Engineer - Security (Full-time)

at Nykaa in Delhi (Published at 27-07-2018)

The Application Security Engineer will play a key role in securing all software built and/or used by Nykaa. The engineer will work with application development teams as well as 3rd-party organizations to ensure that security, privacy, and compliance constraints are built into the applications. In addition to securing applications, the engineer will be expected to help develop tools and scripts to enhance the security processes and systems at Nykaa. The individual should have strong interpersonal skills, be highly motivated and results oriented, have excellent communication and presentation skills, and be a strong team player.
1. Perform manual and automated application vulnerability assessments, document the vulnerabilities found, and provide recommendations for remediation
2. Perform manual code reviews on systems to identify vulnerabilities as a complement to automated vulnerability assessments
3. Provide security recommendations as a subject matter expert for development teams during all phases of development
4. Validate vulnerability resolutions and ensure they are deployed to production in a timely
5. Track open issues and follow up to ensure remediation
6. Participate in the change management process, ensuring that all releases are reviewed by security before being approved for production
7. Provide guidance to application groups on application security best practices and fixing
8. Enhance and deliver application security training to Nykaa engineers

1. 4+ years of hands-on application security assessment experience
2. Experience with various programming languages (preferred Java, Python, and JavaScript)
3. Knowledge of web technologies (JavaScript, HTML5, HTTP, REST, SOAP, etc.)
4. Should understand computer networks and protocols
5. Experience performing blackbox/greybox/whitebox security assessments of applications (application pentests) which use HTTP and/or proprietary protocols
6. Experience using any one of the tools like Burp Suite, IBM Appscanner, HPE Fortify, Qualys, Nexpose, Acunetix, Nessus, NTOSpider or any other application VAPT tool to perform security assessments (with a focus on manual testing)
7. Knowledge of the OWASP Testing Framework, OWASP Top 10, WASC TCv2, SANS Top 25, CWE 25
8. Experience in implementing security assessments within a continuous integration pipeline highly
9. Methodical and organized; able to manage multiple opportunities, projects, and partners
10. Able to multi-task and work independently with minimum supervision to meet firm deadlines
11. Performs other special projects or duties as assigned
12. Understanding of Agile methodologies (Kanban, Scrum, pair programming etc.)
