About This Team
YOU as a Lead Product Security Engineer will have the opportunity to collaborate with the brightest engineering minds and work on innovative product security areas.
Job Description
You are/have worked on Threat Modelling, Source Code Review, Penetration Testing and performing security analysis on existing or new products. Provide security guidance and input to product engineers. You have worked on problems of varied scope independently and able to drive strategy for Product Security in the limited scope of work and provide general guidance and/or direction on routine work to achieve overall program performance, schedule, and quality standards.
Position Overview
Lead Product Security Engineer is responsible for leading and executing the Security Development Lifecycle (SDL) for Cloud Software Group On-Prem and Cloud products to ensure that our software meets the customer expectation of security robustness and drive and execute SDL best practices.
Duties and Responsibilities
- You will be responsible for leading and executing the Secure Software Development Lifecycle (SSDLC) for Cloud Software Group On-Prem and Cloud products to ensure that our software meets the customer expectation of security robustness.
- You will provide guidance to product development teams on design changes as per security requirements.
- Manual Source Code Review primarily C and C++ programming languages.
- Crash Exploitability Analysis - Analyze Crashes to Find Security Vulnerabilities using tools such as gdb (Good to have).
- Execute the penetration tests internally to identify security vulnerabilities.
- Identify opportunities to prevent security problems at scale, Develop prototypes to prevent these security problems.
Basic Qualifications
- 10+ years of experience in a software security role such as blue team.
- You have a Full-time degree in Engineering (Preferably Computer Science related).
- You are an expert in at least one of these areas in security - Unix System, Network, Cryptography.
- Strong C, C++ skills, Linux - Linux knowledge (low level preferred).
- Good knowledge of Networking (TCP/IP) and other protocols like HTTP/S, DNS, et.al.
- Basic understanding of File system concepts.
- Experience with object-oriented design concepts.
- Debugging Skills like GDB, core dump analysis and understanding Makefile concepts.
- Extensive knowledge of common vulnerabilities - able to explain and remediate the OWASP Top 10 vulnerabilities across multiple programming languages.
- Reverse Engineering (Good to have).
- Fuzzing using tools such as AFL, Peach (Good to have).
- Deep understanding of application architecture and design principles.
- Experience in design review and threat modelling activities.
- You are capable of writing exploits for vulnerabilities identified in those respective areas.
- Have excellent capabilities to identify security vulnerabilities and perform root cause analysis.
- Good to have certifications such as OSCP, OSCE, GPEN, CRTP etc.