Senior Application Security Engineer
Bengaluru
Quince
Quince brings luxury products like Mongolian Cashmere, Italian Leather, Turkish Cotton and Washable Silk to everyone at radically low prices. Shop premium essentials with no middleman.
OUR STORY
Quince was started to challenge the existing idea that nice things should cost a lot. Our mission was simple: create an item of equal or greater quality than the leading luxury brands and sell them at a much lower price.
OUR VALUES
EVERYONE SHOULD BE ABLE TO AFFORD NICE THINGS. Quality shouldn’t be a luxury. We’re proud of our mission to bring the world’s highest quality goods to people at affordable prices.
QUALITY IS MORE THAN MATERIALS. True quality is a combination of premium materials and high production standards.
WE FOCUS ON THE ESSENTIALS. From the perfect crewneck sweater to hotel quality sheets, we're all about high quality essentials that bring enjoyment to daily life.
WE’RE INNOVATING TO MAKE UNREAL PRICES A REALITY. Our uniquely developed factory-direct model lets us offer exceptionally high quality goods for much lower prices than our competitors.
ALWAYS A BETTER DEAL. We believe in real price transparency, for both our customers and factory partners. This way, everyone gets a better deal.
FAIR FACTORIES. We are committed to working with factories that meet the global standards for workplace safety and wage fairness.
OUR TEAM AND SUCCESS
Quince is a retail and technology company co-founded by a team that has extensive experience in retail, technology and building early stage companies. You’ll work with a team of world-class talent from Stanford GSB, Wish.com, D.E. Shaw, Stitch Fix, Urban Outfitters, Wayfair, McKinsey, Nike etc.
THE IDEAL CANDIDATE
The ideal candidate is a self-starter, problem-solver and successful in combining technology and data into best-in-class outcomes. The candidate is energized by solving complex business problems and consistently effective in making high-judgment decisions at rapid pace amidst the frequent ambiguity that comes with charting a course of action with no precedent. Moreover, the ideal candidate is energized by an environment where strategy, innovation and decision-making are intentionally distributed, where candor, speed and data are highly valued and colleagues at all levels hold each other to unusually high standards on behalf of Quince customers.
Security Advisory: Beware of Frauds
At Quince, we're dedicated to recruiting top talent who share our drive for innovation. To safeguard candidates, Quince emphasizes legitimate recruitment practices. Initial communication is primarily via official Quince email addresses and LinkedIn; beware of deviations. Personal data and sensitive information will not be solicited during the application phase. Interviews are conducted via phone, in person, or through the approved platforms Google Meets or Zoom—never via messaging apps or other calling services. Offers are merit-based, communicated verbally, and followed up in writing. If personal information is requested to initiate the hiring process, rest assured it will be through secure and protected means.
Required Qualifications (Must have)
- Bachelor’s Degree: A Bachelor's Degree in Cybersecurity, Computer Science, Engineering, Information Technology, or a closely related field is a must.
- Security Standards Knowledge: 5-8 years, with strong knowledge of various security standards and best practices. You should have experience in security review of production-level services and have worked with consumer-facing e-commerce enterprises.
- Penetration Testing Expertise: You must be an expert in Red/Blue team methodologies or possess relevant experience with modern penetration testing tools.
- Security Issue Debugging: Strong capacity for debugging security issues in web and mobile applications.
- Coding Proficiency: Proficiency in coding, including scripting and programming languages for automating tasks, creating dashboards, and security tools, is a necessity.
- Application Security Understanding: You should possess a good understanding of application security and be familiar with OWASP guidelines.
- Security Domains: A solid grasp of frontend, backend, and application security domains is required.
- Issue Resolution: A proven track record of successfully identifying, triaging, and resolving application security issues is expected.
- Development Background: An advantage would be a background in development and a good understanding of the Software Development Life Cycle (SDLC) and Continuous Integration/Continuous Deployment (CI/CD) practices.
Desired Qualifications (Nice to Have)
- Communication Skills: Good collaboration and communication skills, with the ability to translate technical security requirements and risks into terms that are understandable to a wide audience.
- Continuous Learning: An enthusiasm for learning about new security products, features, and strategies.
- Security Expertise: Experience with security-related processes such as Security Development Lifecycle, Threat Modeling, Architecture Analysis, Technical Design Review, and Security Code Review is a plus.
These qualifications and skills are essential for success in this role, ensuring you can contribute effectively to our security initiatives and protect our digital assets.
Role
- Perform security assessments, internal penetration testing, and reviews to identify vulnerabilities in new product features and enhancements.
- Conduct architecture analysis, threat modeling, and technical design reviews for upcoming features and infrastructure changes.
- Own vulnerability management, managing the entire vulnerability lifecycle, including triaging, proposing mitigation solutions for security issues, overseeing their resolution throughout the software development lifecycle, and tracking them to closure.
- Define the security architecture and support the planning and implementation of security solutions to mitigate risks.
- Work alongside cross-functional teams to address vulnerabilities, develop security strategies and features aimed at safeguarding customer data, and respond to and resolve security incidents as necessary.
- Contribute to the establishment and management of the organization's bug bounty program.
- Implement automated application security practices and secure coding standards through SAST, DAST, and custom checks integrated into the software development lifecycle and CI/CD pipeline.
- Design and implement security measures for software applications, encompassing authentication, authorization, and encryption.
- Stay current with emerging threats and industry best practices in application security, promoting security awareness through training and guidance to engineers on application security concepts.
Categories:
AppSec Jobs
Security Engineering Jobs
Tags: Application security Blue team CI/CD Computer Science DAST E-commerce Encryption OWASP Pentesting SAST Scripting SDLC Security assessment Strategy Vulnerabilities Vulnerability management
Perks/benefits: Career development Startup environment Transparency
Region:
Asia/Pacific
Country:
India