Application Development Security Engineer

Job Description

Application Development Security EngineerAs an Application Development Security Engineer, you will lead the Application Security in all areas of security including but not limited to the area of vulnerability, security exploits, attack vectors, data privacy/pro lection and more for the R3D Software products de/doped in Kolkata. You will work hand-in-hand with Lexmarks global security team on one hand in formulating common approach, standards practices and with Kolkata Application development and test teams on the other hand to provide hands-on technical leadership in the architecture, design, implementation and testing of application security.A successful candidate for this position will have excellent communication skills, a strong understanding of application security & data privacy and the ability to lead cross-functional teams. The person in this role will help Lexmark India R3D development teams proactively address security and data privacy in application development with architecture, design, implementation, test and risk assessments guid ance. The person in this role will help developers to perform security checks on their applications using Shift Left principles.As an Application Development Security Engineer, atypical day might include Providing design level and code level expertise to the teams for security and data privacy Reviewing and overseeing application design and implementation for security and data privacy Overseeing implementation of static and dynamic application security Interpreting the results of penetration tests and security scans to provide risk-based recommenda tions for remediation Consulting with development teams on security readiness for deployment* Providing technical consultancy for Projects/ Applications from Security perspective Assessing security risks of identified technical issues and recommending mitigation options Goings through logs, debug data etc. for major security related issues Actively reviews and tracks Security defects to help progress issue analysis Signing off applications from Secured software checkpoint perspectiveThis Job Might Be For You If You Have 10+years of software development experience out of which 5+years of experience in application security and data privacy with Enterprise level applications Experience with application security penetration testing and performing baseline static/dynamic application security assessments (SAST/DAST) on new applications and changes to applications Expertise on a variety of software languages such as Java. .Net. Python. FHP Expertise in enterprise application development and design, including REST APIs, database, messag ing, and other related technologies Expertise with the Software Development Lifecycle (SDLC) and associated tools (Git. Jenkins. Jira) A deep understanding of common application vulnerabilities, including OWASP Top 10 Experience writing enterprise security standards, policies and coding guidelines Knowledge of MITRE AT TSK. OS. OWASP and other threat, risk and vulnerability frame.vorks Expertise with security technologies, processes, and concepts such as symmetric and asymmetric cryptography. TLS. Authentication and Authorization. Static Code Analysis, fuzz testing BS in Computer Science. Engineering. or related technical field; may be substituted with equivalent practical experienceBonus Points For: Experience securing Docker, Kubernetes, or other containerization technology Knowledge of open source code security tools like Black Duck, Veracode SCA, or other softwarecomposition analysis technology Network+, Security+ or CISSP, OSCP, GWAPT, GPEN, GXPN, CEH or other security certifications Key Skills: Application Development Security EngineerAs an Application Development Security Engineer, you will lead the Application Security in all areas of security including but not limited to the area of vulnerability, security exploits, attack vectors, data privacy/pro lection and more for the R3D Software products de/doped in Kolkata. You will work hand-in-hand with Lexmarks global security team on one hand in formulating common approach, standards practices and with Kolkata Application development and test teams on the other hand to provide hands-on technical leadership in the architecture, design, implementation and testing of application security.A successful candidate for this position will have excellent communication skills, a strong understanding of application security & data privacy and the ability to lead cross-functional teams. The person in this role will help Lexmark India R3D development teams proactively address security and data privacy in application development with architecture, design, implementation, test and risk assessments guid ance. The person in this role will help developers to perform security checks on their applications using Shift Left principles.As an Application Development Security Engineer, atypical day might include Providing design level and code level expertise to the teams for security and data privacy Reviewing and overseeing application design and implementation for security and data privacy Overseeing implementation of static and dynamic application security Interpreting the results of penetration tests and security scans to provide risk-based recommenda tions for remediation Consulting with development teams on security readiness for deployment* Providing technical consultancy for Projects/ Applications from Security perspective Assessing security risks of identified technical issues and recommending mitigation options Goings through logs, debug data etc. for major security related issues Actively reviews and tracks Security defects to help progress issue analysis Signing off applications from Secured software checkpoint perspectiveThis Job Might Be For You If You Have 10+years of software development experience out of which 5+years of experience in application security and data privacy with Enterprise level applications Experience with application security penetration testing and performing baseline static/dynamic application security assessments (SAST/DAST) on new applications and changes to applications Expertise on a variety of software languages such as Java. .Net. Python. FHP Expertise in enterprise application development and design, including REST APIs, database, messag ing, and other related technologies Expertise with the Software Development Lifecycle (SDLC) and associated tools (Git. Jenkins. Jira) A deep understanding of common application vulnerabilities, including OWASP Top 10 Experience writing enterprise security standards, policies and coding guidelines Knowledge of MITRE AT TSK. OS. OWASP and other threat, risk and vulnerability frame.vorks Expertise with security technologies, processes, and concepts such as symmetric and asymmetric cryptography. TLS. Authentication and Authorization. Static Code Analysis, fuzz testing BS in Computer Science. Engineering. or related technical field; may be substituted with equivalent practical experienceBonus Points For: Experience securing Docker, Kubernetes, or other containerization technology Knowledge of open source code security tools like Black Duck, Veracode SCA, or other softwarecomposition analysis technology Network+, Security+ or CISSP, OSCP, GWAPT, GPEN, GXPN, CEH or other security certifications,

Keyskills :
softwaredevelopmentlifecycle environmentalimpactassessment applicationsecurityassessments opensource dataprivacy musicmaking securitytools applicationdesign andsontechnicalleadership