Security Engineer

Description -

Job Summary

This role is responsible for security assessment of software solutions developed in the organization to ensure applications meet the necessary security requirements. The role supports the overall security objectives of the organization but focuses mainly on security testing of applications, creating final reports, following standard operating procedures, and educating developers on security issues with the help of frameworks and tools. The role involves working closely with cross-functional teams to understand requirements, provide technical insights, and ensure the successful security assessment of projects.

Responsibilities

- Performs security testing of portions of web applications, APIs, and thick client applications according to standard methodologies and application-specific checklists with appropriate tools while maintaining the delivery timelines.
- Analyses found security issues for impact and rates the severity accordingly.
- Retests previously found security issues and updates the tickets with relevant information.
- Creates feature-specific checklists if required, based on the business logic of the feature, and tests them against security requirements.
- Identifies opportunities for automation and improvement in tooling used by the security team and development teams for security evaluation purposes.
- Keeps up to date with the latest security issues and applies them in the current methodology wherever applicable.
- Delivers security sessions for developers as a part of security culture and compliance requirements.
- Participates as a part of the team to deliver on high-quality security-related initiatives for the organization and team.
- Collaborates and communicates with stakeholders regarding security issues, their status, project progress, and issue resolution.
- Develops security tools to automate and improve processes and increase efficiency of testing.

Education & Experience Recommended

- Four-year or Graduate Degree in Computer Science, Information Systems, or any other related discipline or commensurate work experience or demonstrated competence.
- Typically has 3-6 years of work experience in web/API application security testing.

Preferred Certifications

- OSCP/eJPT/eWPT/Burp Suite Certified Practitioner or equivalent (Not required but good to have)

Knowledge & Skills

- OWASP WSTG Methodology
- OWASP TOP 10
- OWASP API TOP 10
- Web Security Testing
- API Security Testing
- Burp Suite
- Burp Suite Plugins
- SQLmap
- nmap
- Kali Linux
- SSDLC in Modern App Development
- Agile Development process
- CI/CD Pipeline understanding
- Java/Golang/Python (Programming Language)
- SonarQube or Veracode or equivalent tool
- Microservices
- Thick client security testing (good to have)
- Threat modelling (good to have)
- SQL (Programming Language)
- Amazon Web Services

Cross-Org Skills

- Effective Communication
- Proactive
- Self-learning
- Team player
- Learning Agility
- Minimal supervision

Impact & Scope

Impacts immediate team and acts as an informed team member by providing analysis based on available information.

Complexity

Responds to routine and ad-hoc requirements within established guidelines.

Disclaimer

This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

Job - Software
Schedule - Full time
Shift - No shift premium (India)
Travel -
Relocation -

Equal Opportunity Employer (EEO) - HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).

Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.

If you'd like more information about HP's EEO Policy or your EEO rights as an applicant under the law, please click here: Equal Employment Opportunity is the Law; Equal Employment Opportunity is the Law – Supplement