Job Description

Job Title: Senior Application Security Engineer

• Conduct periodic application security vulnerability scan on Internet facing websites of CNX to identify critical vulnerabilities, outdated software and vulnerable open-source components.
• Conduct manual security assessments and deep-dive analysis to identify vulnerabilities and their public exploitability, clients and corporate critical/sensitive risk exposure.
• Collaborate with respective application team / business team and corporate stakeholders.
• Guide and support remediation consultation with the respective stakeholders.
• Develop compensating/mitigation controls to reduce the risk of exposure by assessing open vulnerabilities that have challenges in remediation due to business and technical dependency.
• Prepare detailed reports, metrics, artifacts, and executive summary.
• Ensure adherence to client and third-party audit requirements.

Position: Senior Application Security Engineer Core Responsibilities:

• Conduct periodic application security vulnerability scan on Internet facing websites of CNX to identify critical vulnerabilities, outdated software and vulnerable open-source components.
• Conduct manual security assessments and deep-dive analysis to identify vulnerabilities and their public exploitability, clients and corporate critical/sensitive risk exposure.
• Collaborate with respective application team / business team and corporate stakeholders.
• Guide and support remediation consultation with the respective stakeholders.
• Develop compensating/mitigation controls to reduce the risk of exposure by assessing open vulnerabilities that have challenges in remediation due to business and technical dependency.
• Prepare detailed reports, metrics, artifacts, and executive summary.
• Ensure adherence to client and third-party audit requirements.

Required Skills/Qualifications

• Bachelor’s degree in a relevant field, or an equivalent combination of education and work experience.
• Knowledge in understanding various domains such as security architecture, system and network security, authentication and authorization protocols, cryptography, and application security.
• Experience with various application security tools including SAST,DAST & Software composition analysis.
• Knowledge in current and emerging security technologies, threats and techniques for exploiting security vulnerabilities in the code or application.
• Experience in analyzing threats of cloud and application components.
• Experience in data security and governance.
• Experience in development and scripting languages (Java, Javascript/Typescript, Python, PHP, AI-ML, MERN).
• Experience with securing API’s to external entities.

Preferred Qualifications:

• 5+ years of experience working in IT and/or IT Security in multiple capacities
• Experience in OWASP Top 10, CVE/CVSS research and/or bug bounty recognition.
• Security certifications such as CSSLP, CISSP, GPEN, ECSA, CEH, CISM, CISA, or equivalent.
• Ability to clearly communicate gaps and risks to leadership through verbal dialogue or written communication.
• Demonstrable teamwork skills and ability to partner in difficult situations.
• Ability to be proactive in a rapidly changing environment.
• Sharp analytical abilities and proven design skills.

Competencies:

• The ability to multitask, work under pressure and quickly identify and deal with priority matters under tight deadlines. Attention to detail is essential.
• The ability to handle multiple inquiries at any one time, often under considerable deadline pressure.

• The ability to work both independently and as part of a team.

Location: IND Chennai - Fortune Towers Language Requirements: Time Type: Full time