Senior Application Security Engineer

  • Pune
  • Pubmatic
Role & Responsibilities: Collaborate closely with engineers and software development teams to ensure that security considerations are integrated into the software development process Act as a subject matter expert in secure application development, providing guidance and recommendations for secure coding practices, tools, and techniques Lead the implementation of secure coding practices and standards, ensuring the development of secure software Conduct security assessments, code reviews, and vulnerability scans to identify and address security weaknesses in applications Participate in security incident response efforts, contributing to minimizing the impact of security incidents and facilitating recovery Stay updated on emerging threats and trends in application security, applying this knowledge to enhance our security posture proactively Collaborate with cross-functional teams to ensure that application security is seamlessly integrated into the software development process Set up security tooling and secure defaults to ensure software security best practices Perform architecture analysis, threat modeling and technical design reviews of sensitive features and infrastructure Triage and recommend solutions for security bugs from tools, third party assessments and external reported bugs Participate in Red-Teaming, Blue Teaming exercises Work with Partners to execute VAPT exercises Understanding of security weaknesses, exploits, attacks, and mitigations Experience and enthusiasm for learning about new security products, features, and strategies Coding ability. You will sometimes build proofs of concept or implement automation scripts and scan the codes Experience with most of the following: Security Development Lifecycle, Threat Modeling, Architecture Analysis, Technical Design Review, Security Code Review Provide mentorship and guidance to junior engineers to enhance their understanding of secure coding practices and application security Should be able to conduct security awareness sessions and participate in various security campaigns e.g., Phishing campaigns, Hackathon, security bulletins Strong analytical and problem-solving skills with the ability to assess and mitigate complex security risks and issues and drive security improvements Excellent communication and interpersonal skills to collaborate effectively with teams and articulate security concepts to both technical and non-technical stakeholders Identify and help mitigate security issues, misconfigurations, and vulnerabilities related to PubMatic’s infrastructure Create security policies, standards, procedures, guidelines Drive and participate in different Audits (both Internal and External), RFI’s to support new business initiatives Desired Qualifications: Bachelor’s degree in computer science or related technical field or equivalent practical experience. 10+ years of experience with anti-abuse AppSec, threat modeling, and/or secure architecture. In-depth knowledge of anti-abuse solutions, cloud, application security, network security, and/or infrastructure security. Applied knowledge of securing public and private cloud Ability to perform SAST, DAST, SCA, IAAC scans Experience performing source code reviews across various languages (e.g. Java, Go, C, Perl, PHP, R, Rust, Ruby etc.) Working knowledge of malware detection and best practices Ability to assess engineering designs and architecture diagrams for abuse risks Ability to assess abuse risks within an application of feature Experience communicating abuse risks and roadmaps to senior leadership Experience designing and implementing anti-abuse solutions Hands-on experience on tools like CheckMarx, Invicti, SonarQube, Dependency Track, Vault is a plus Experience contributing to the security anti-abuse community such as presenting at conferences or meetups Relevant certifications (e.g., CISSP, OSCP, CEH, ISO27001, COMPTIA Security+, Cloud+ etc.) are a plus.