RSA - Application Security Engineer

Bangalore, India

RSA Security

RSA provides identity intelligence, authentication, access & governance solutions, defending the world’s most secure organizations against cybersecurity risks.


(Location: Hybrid/ Remote India)

RSA offers mission-driven security solutions that provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user access control; and reduce business risk, fraud and cybercrime. RSA protects millions of users around the world and helps more than 90 percent of the Fortune 500 companies, and every branch of the U.S. federal government, thrive and continuously adapt to transformational change. For more information, go to rsa.com.

Expertise in penetration testing of web, mobile (both iOS and Android), API and SaaS applications. Expertise in performing threat modeling and generating security architectural requirements for software development and product teams. In-depth understanding of API security vulnerabilities and proven experience in securing APIs. Experience in writing proof of concepts and exploits and performing in-depth exploitation is desired. Ability to code/script in languages like PowerShell/Python/Perl/Ruby is desired.

Key Responsibilities: 

  • Build strong partnerships with internal teams, influencing them to incorporate the “Security by Design” principle at all levels of software and product lifecycle management.
  • Perform security assessments on web applications and services and help application teams solve complex technical problems and design issues.
  • Communicate security risks and solutions to business partners and technology teams across the organization.
  • Research, design, and advocate new technologies, standards, or methodologies that will strengthen our security posture, reduce our risk exposure, and improve our overall user experience.
  • Review and update relevant policies, standards and procedures to raise the maturity of the program.
  • Securing IT Applications and third-party SaaS services

Requirements: 

  • Expertise in penetration testing of web, mobile (both iOS and Android), API and SaaS applications. Expertise in performing threat modeling and generating security architectural requirements for software development and product teams.
  • In-depth understanding of API security vulnerabilities and proven experience in securing APIs. Experience in writing proof of concepts and exploits and performing in-depth exploitation is desired.
  • Ability to code/script in languages like PowerShell/Python/Perl/Ruby is desired.
  • Familiarity with advanced threat detection techniques and the ability to detect and respond to high alert attacks effectively.
  • Experience in cloud technologies, cloud-native application architecture, 12 factor (SaaS), containers and related technologies preferred.
  • Customer-focused mindset, capable of flexing and delivering security solutions that meet business needs while still achieving high security standards.
  • Growth mindset who is passionate to learn and use new/emerging technologies.

Desired Skills: 

  • 8+ years of experience with various application security tools including SAST, SCA, DAST, Penetration testing, API Security, and fuzzing techniques.
  • Conduct in-depth assessments of API to identify potential weaknesses and security flaws that may expose our systems to risks.
  • Responsible for assessing risk of vulnerabilities and documenting them with proper proof of concepts, as necessary.
  • Work closely with the development team to communicate findings and ensure timely resolution of identified findings.
  • Experience working with Cloud and SaaS platform vendors to conduct responsible penetration tests and security scanning
  • Understanding of Industry trends in security solutions related to securing and governing APIs.
  • A bachelor’s degree in Computer Science, Engineering, Mathematics, a related field, or equivalent experience.
  • One or more technical security certifications are a plus (examples below, but others are acceptable as well):
      • CISSP – Certified Information Systems Security Professional
      • CCSP – Certified Cloud Security Professional
      • CSSLP – Certified Secure Software Lifecycle Professional
      • CSEC – SANS CIAC Security Essentials

RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, and any other category protected by applicable country law.

If you need a reasonable accommodation during the application process, please contact the RSA Talent Acquisition Team at rsa.global.talent.acquisition@rsa.com. RSA and its approved consultants will never ask you for a fee to process or consider your application for a career with RSA. RSA reserves the right to amend or withdraw any job posting at any time, including prior to the advertised closing date.


Tags: Android APIs Application security CCSP CISSP Cloud Computer Science CSSLP Cyber crime DAST Exploits iOS Mathematics Pentesting Perl PowerShell Python RSA Ruby SaaS SANS SAST Security assessment Threat detection Vulnerabilities

Perks/benefits: Career development

Region: Asia/Pacific
Country: India
