Application Security Lead
Calix
8 - 10 years
Bengaluru
Posted: 16/01/2025
Job Description
Role Description
The Application Security Specialist should have at least 8-10 years of experience in Application Security domain and engaging with Architects, Technical Leads, Security Champions from Development teams to ensure the security and privacy needs are considered well in advance during the product development cycle.
In this role, you will be responsible for analysing the security of applications and services, vendor-provided solutions, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will design and develop process and workflow to perform dynamic application security testing (DAST) assessment on networks, host, cloud and mobile applications.
Roles & Responsibilities
- Subject Matter Expertise - Act as SME and provide technical leadership to the AppSec domain, mainly host-level security, fuzz testing, web application and API security, with pen test knowledge. Support SCA and DAST scan operations, including scoping, scan setup, scan validation and post-scan activities such as prioritization and reporting.
- Vulnerability Management - Conduct regular vulnerability scans and assessments across the organization's product landscape. Analyze vulnerabilities and threats, providing detailed insights that enable proactive risk reduction, determine their potential impact, and ensure compliance with industry standards.
- Tools Engg - Deploy and manage SCA / DAST / FUZZ security tools, which may include configuration and deployment of the tools along with plugin / test suite deployment for specific sets of vulnerabilities. Work with the product teams to finalize the API contracts and SUT details for every release under test.
- Security Posture - Work with Product Security leadership to mature Application Security Posture Management (ASPM), including reporting and remediation guidance in alignment with regulatory requirements. Identify security gaps / deficiencies and recommend corrective action for identified vulnerabilities and weaknesses.
- Vendor Management - Communicate with vendors on scan performance, scan configurations, false positive analysis, feature requests, version upgrades, etc. Monitor vendor communities for the latest updates on troubleshooting tools / issues and open support queries with the vendor as necessary.
Qualifications:
- 8-10 years' Application Security experience with a minimum of 6 years of experience in SCA / DAST tools such as Burp Suite, Netsparker Invicti, Snyk, etc.
- Hands-on experience in testing web applications, APIs, mobile applications to identify vulnerabilities and weaknesses.
- Build and Maintain Integrations for DevSecOps utilizing SCA tool and SCM with planned cadence along with configuring the policy violation alerts both from license as well as security viewpoint.
- Experience in managing exceptions and a risk register, and in making recommendations on security requirements. Knowledge of managing end-of-life or obsolete component disposal would be a plus.
- Knowledge of coding vulnerabilities, frameworks, patching processes, information security risk and industry best practices, defence concepts, and a risk-based assessment approach.
- Knowledge of the OWASP Top 10 and SANS Top 25 to identify vulnerabilities via manual and automated tests, along with the capability to effectively remediate them.
- Understanding of the principles of secure coding techniques and secure code reviews, code scanning software and vulnerability code scanning processes, network protocols and connectivity.
- Working knowledge of other security domains such as cryptography, identity and access management, and threat and vulnerability management is desirable.
- Develop processes and improvements around toolsets, along with technical guides / documentation for toolset features and best practices.
- Exposure to hardware and firmware analysis, such as reverse engineering for decoding binaries / messages, and related tools.
- Lead fuzz testing activities by implementing custom fuzzers using industry-standard tools and frameworks such as OSS-Fuzz, LibFuzzer, etc. to effectively unearth vulnerabilities and bugs in software components.
- Deep knowledge of CVE, CWE, CVSS, and common vulnerability classes.
- BA/BS degree in computer science, engineering, or information security. Desirable: one or more security certifications such as CEH, CISM, CISSP.
- Must have excellent verbal, written and presentation skills. Ability to work in a fast-paced and highly collaborative environment.
About Company
Calix, Inc. is a cloud and software platform company headquartered in San Jose, California. It specializes in providing cloud-based software, systems, and services that enable broadband service providers to simplify operations, deliver exceptional subscriber experiences, and grow their businesses. Calix’s solutions focus on empowering communication service providers to optimize their networks, leverage advanced analytics, and create personalized customer experiences. Known for its innovation in broadband technology, Calix helps its clients transition to next-generation networks, ensuring scalability, efficiency, and improved customer satisfaction.