Application Security Engineer Job in Bangalore at Clinisys

Clinisys is hiring for the role of Application Security Engineer!

Responsibilities of the Candidate:

• Suggesting and implementing with best security practices within software development lifecycle (SDLC).
• You will responsible for setting up security controls and design requirements during the software creation and development stage of the software lifecycle.
• You will also participate in related business and security projects.
• Developing and maintaining software application security policies and procedures Developing and maintaining documentation of application security controls · Implementing software application security controls
• Designing technical solutions to address security weaknesses
• Analyzing system services, spotting issues in code, networks and applications
• Following security best practices in performing tasks
• Providing technical leadership, guidance, and direction to the application security team
• Participate in and support application security reviews and threat modeling, including code reviewand dynamic testing.
• Support and consult with product and development teams in the area of application security.
• Assist in development of automated security testing to validate that secure coding best practices are being used · Assist in creation of security training
• Provide leadership for application vulnerability scanning and penetration testing remediation
• Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools
• Prepare security reports for benchmarking security efficiency.
• Act as a technical point of contact during escalated security events.
• Responsible to manage Cybersecurity incident response.
• Participate in the change management board, ensuring security is a consideration in all changes.
• Provide support to the Information Security Manager on all application security activities
• Determines security violations and inefficiencies by conducting periodic audits. · Provide evidence to the auditee for the Information Systems audits when needed. Essential Functions
• Work closely with cross-functional teams (Engineering, DevOps, Product) while carrying out daily tasks
• Security code reviews: Identify security vulnerabilities in source code before an application is deployed to production
• Exploit security flaws and vulnerabilities with attack simulations on network as well as multiple application platforms like Web, iOS, Android and cloud platform. · Support the bug bounty program.
• Perform application security vulnerability management using tools like (Acunetix, Veracode etc.)
• Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools
• Understanding of patch management. Working the patch management team to analyze the risk of the breaking the environment with installing the patch. And also ensure deployment of patches in a timely manner while understanding business impact.
• Investigate security breaches and other cybersecurity incidents. · Stay up to date on information technology trends and security standards.

Requirements:

• Excellent analytical skills, with an ability to translate business needs into practical security posture.
• Familiarity with common security libraries, security controls, and common security flaws · Strong analytical and problem-solving skills · Automation enablement to reduce testing workloads
• Rapid decision-making to prevent delayed releases due to security issues
• Basic development or scripting experience and skills
• A good understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols). ·
• Experience working with development team.
• Knowledgeable with Anti-Virus, HIPS, ID/PS, Full Packet Capture, RSA Security · Familiarity with ISO 27001, SOC 2, NIST 800-53 or other security frameworks
• Ability to prioritize more than one task at a time
• Assist in root cause analysis for incident management
• Must have excellent written and spoken communication skills with the ability to explain technical information to non-technical people.
• Willing to work non-standard hours and be on-call.
• Required Experience & Education
• Bachelor’s degree in Information Technology, Computer Science
• 2 years of experience in information security industry 
• Experience with vulnerability scanning tool and solutions.
• Experience with OWASP, static/dynamic analysis, and common security tools Experience with Microsoft Windows, Linux, and macOS.