AppScan Product - Lead Security Expert - Remote Location
HCLSoftware
5 - 10 years
Chennai
Posted: 05/01/2026
Job Description
Greetings from HCL Software, a Product Development Division of HCL Tech!
HCL Software is a Product Development Division of HCL Tech that operates its primary software business. At HCL Software we develop, market, sell and support over 20 product families in the areas of Customer Experience, Digital Solutions, Secure DevOps, Security & Automation.
About AppScan Product: "HCL AppScan" is a comprehensive suite of Application Security Solutions for developers, DevOps, security teams and CISOs, with on-premises, on cloud, and hybrid deployment options. The suite includes various security tools that offer features such as vulnerability scanning, code analysis, and real-time threat detection, providing significant benefits in protecting software applications throughout their lifecycle.
Office Location: HCL Software, Bangalore.
Work Preference: Hybrid Or Remote.
Job Summary:
We are looking for a Lead Security Expert with 10+ years of experience for our AppScan Product team who possesses the following skills:
Key responsibilities include:
- Discovering new vulnerabilities in application source code.
- Developing automatic vulnerability detection procedures.
- Demonstrating familiarity with at least one programming language (e.g., Java, C/C++, .NET) and multiple operating systems/RDBMS.
- Providing security guidance for our products across new programming languages and frameworks.
- Innovating and improving the security logic of AppScan products.
- Collaborating with AppScan Research Lab teams.
- Analysing AppSec results and identifying false positives.
- Prioritizing high-priority issues based on severity and likelihood of exploit.
- Understanding remediation techniques for various languages and frameworks.
- Executing Source Code Analysis, Reverse Engineering, and Threat Modelling.
Desired skills and experience:
- Experience with Static Analysis (SAST) tools and triaging application security results.
- Proficiency in security remediation techniques and secure coding best practices.
- Expertise with security standards like OWASP Top 10 and CWE/SANS Top 25.
- Ability to articulate security threats to developers or auditors.
- Ability to identify and provide examples of false positives and negatives in source code.
- Experience with multiple operating systems and software attack/exploitation techniques.
- Familiarity with defensive programming concepts.
Advantageous skills:
- Experience with scripting or query languages (e.g., JavaScript, Python).
- Experience creating Data and Process Flow diagrams.
- Knowledge of Taint Analysis.
- Experience with Architectural Risk Analysis, Threat Modelling, and Traceability Matrix.
- Experience with reverse engineering and source-level analysis.
- An academic degree in Computer Science.
- Relevant certifications (e.g., OSWP, OSCP).
Other beneficial skills:
- Security analysis of popular APIs/frameworks.
- OO design skills, API/Framework analysis, Data Structure Algorithms/Graph Theory/Cryptography.
- Experience with open-source/Software Composition tools, Threat Modelling, or network security.
- Membership in security-focused groups.
- Professional or academic experience with Machine Learning or AI.
- Knowledge of Networking, Telecommunications technologies, and protocols.
- Strong reporting, presentation, and communication skills.
- Experience working with distributed cross-functional teams and identifying/escalating risks.
- A bachelor's degree in computer science or equivalent.
