Basic Qualifications:

• B.Tech. in Computer Science, Electrical, or Computer Engineering, or equivalent work experience as a software engineering or security practitioner.
• 7+ years of relevant engineering or security assessment experience, experience in application security.
• Possess a broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks.
• Experience with Java, Go, Python or Node.js (bonus points for more than one).
• Experience with assessing with Cloud-native services, service meshes, and K netes-platform based micro-services.
• Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to complete pen-test tasks.
• Be able to think both offensively (like a hacker) and defensively (evaluating product security and design)
•  ---- What the Candidate Will Do --- 
• You have great interpersonal skills, deep technical ability, and a history of successful execution in the assessments industry. If you enjoy discussing anything from procedural linking tables in kernels to remote code execution in JVMs, then we want you on the team. 
• Familiarity with industry-standard threat modeling, risk modeling and vulnerability classification.
• Experience with pre-assessment architectural and API analysis to scope and prepare white-box and grey-box assessments.
• Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle and QA processes

Responsibilities Security Assessments:

• Examine the products in detail to discover vulnerabilities and collaborate with the other security engineers to practically demonstrate the exploitability and risk factors.
• Be on the forefront of emerging vulnerabilities/threats which could affect Cashfree products through independent research and study. 
• Engage with the developers in developing workarounds/mitigation plan and ensure they are implemented per policy.
• Threat Modelling: Engage with the development teams to conduct secure design reviews/threat modeling exercise to enumerate threats and mitigation strategies.
• Enable the developers with knowledge of threat modeling by conducting focused workshops. 
• Secure Coding: Priorities critical defects and ensure these are identified and mitigated during the sprint.
• Integration and automation of SAST in the DevOps pipeline.
• Build secure coding principles and propagate across the development community.
• Be the to-go person for developers in solving critical issues relating to secure product development.
• Build and enhance secure coding / security assessments training contents for developers and QA team.
• Deliver training programs at various levels in the organizations. 
• Conduct workshops / security tech-talks to disseminate security knowledge and awareness. Qualifications.
• Good knowledge in multiple classes of vulnerabilities that includes cross-site scripting, SQL Injection, CSRF, cryptographic related weakness, and code injection.
• Good knowledge in any programming / scripting languages such as Java, Ruby, and Python.
• Good knowledge relating to services / technology relating to cloud.
• Ability to automate security testing and improve productivity in security assessments.
• Ability to communicate and interpret security vulnerabilities to various audience such as development and management teams.