Senior Cyber Security Engineer - Manual Code Review

The Secure Code reviewer would be responsible for analyzing false positives/true positives in the source code using manual and automated tools and guide Dev teams with security best practices. As a Senior Security Engineer, you will work closely with the internal Product and Technology, to improve controls and drive impactful change to the team and HighRadius. You will also help build and align to the roadmap and vision of the function and be responsible for delivering them.

The position also requires working closely with senior leadership globally to oversee day-to-day matters, troubleshoot issues, proactively identify new opportunities, and drive initiatives through to completion.

Responsibilities:

• Perform code review and ability to understand security issues, interact and explain security risks to development teams.
• Use automated and manual code review techniques to identify application security vulnerabilities.
• Document vulnerabilities and collaborate with the application team to help provide code snippets to remediate the findings.
• Good understanding of supported frameworks and cleansers functions that tool supports.
• Good understanding on core security mechanisms, crypto libraries and server side security
• Implement Code Review Checklist
• Consult with different Product teams for secure product development, review of their security concerns/remediation.
• Take responsibility to produce high quality secure code, apply application security principles in development stage
• Perform code reviews, use SAST for Static Code Analysis and fix all security issues
• Provide security mentoring and training to peers and other colleagues in the organization.
• A strong understanding of secure development life cycle, application security frameworks and various regulatory requirements.

Requirements:

• 5-8 years of security experience with 1-2 years of experience in SAST
• Expertise in conducting Peer reviews and walks through sessions on the work of another team members to provide better quality deliverables
• Experience in using Secure Code guidelines during development stages, take responsibility for producing secure and high quality code
• Experience in SAST tools like HP Fortify, Checkmarx and Veracode.
• Any security certifications is a plus. OSCP, OSWE, GWAPT, CISSP, CSSLP or GPEN. preferred.
• Knowledge of Secure Software Development Lifecycle (S-SDLC).
• Experience with Static and Dynamic code analysis.
• Familiarity with OWASP Code Review guide and Static Analysis Tools
• Good understanding of OWASP Top 10, CVSS, ASVS, WSTG, STRIDE & CWE Top 25.
• Expertise in Databases like MySQL, SQL Server, NoSQL, etc. Strong object oriented design techniques, and reusable component design
• Familiar with JavaScript Web UI Libraries, Frameworks (Angular, ReactJS, etc.) and Toolkits
• Highly proficient with development languages including Java/J2EE, experience in using Java Web Application framework such as Spring, Spring boot, Node.js
• Automation skills (Python, Bash/Shell scripting)
• Understanding of GIT source control
• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
• Desired to have hands-on experience in Cloud Technologies - AWS, GCP certifications are preferred.
• Desired to have hands-on experience in Container Technologies - Dockers, Kubernetes, scalable infrastructure.