Product Security Engineer
India
Applications have closed
Infoblox
Infoblox unites networking and security, empowering customers to deliver better performance and protection and ensure their businesses thrive.- Conduct cloud infrastructure and application vulnerability assessment in an agile cloud development environment using open-source and commercial tools
- Validate and triage identified vulnerabilities and application security defects
- Track remediation efforts of triaged vulnerabilities to their completion
- Contribute to the development and maintenance of vulnerability management tools and CI/CD integrations
- Provide technical documentation to development teams describing vulnerabilities and impact
- Create and maintain documentation as it relates to vulnerability management and penetration testing processes, standards, and recommendations
- Perform penetration testing of web applications, APIs, thick clients, mobile applications, Onprem, and SaaS services following OWASP methodologies
- Research and develop proof of concepts on publicly available exploits for known/0Day vulnerabilities
- 4+ years of years experience in vulnerability management and penetration testing
- Hands-on experience managing:
- Vulnerability scanning tools
- Container and dependency (OSS libraries) scanning tools
- Docker and Kubernetes
- Security administration in AWS and Azure
- CI/CD and DevOps Tooling (Git, Jenkins, CircleCI)
- Infrastructure as code tools (Ansible, CloudFormation, Terraform)
- Experience in agile methodologies with secure software development life-cycle involving SAST & DAST tools (Coverity, CodeQL, SonarQube, Contrast)
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (reverse proxies, WAF), DNS Security, DoH & DoT
- Experience working with a POSIX system such as Linux or macOS
- Familiarity with Shell Scripts, Python or Golang is a major plus
- Good understanding of cyber security frameworks like OWASP, SANS, NIST, CIS, etc.
- One or more security certifications CEH, CISA, GSEC, OSCP, CISSP, etc.
- Excellent verbal and written communication skills with a strong attention to details
- MS/M.tech or BE/BS/B.tech in Computer Science or related field, or equivalent work experience required
- Understand the scope of Infoblox products, cloud infrastructure, and SaaS services that require vulnerability assessment and penetration testing
- Reach proficiency with process and procedures laid out for the team in delivering best-in-class cyber security services
- Build knowledge and hands-on experience on cutting-edge technologies
- Understand the team of engineers and the current state
- Be an independent key contributor to the team
- Participate in rotational watchdesk responsibilities as applicable
- Provide recommendations for security posture improvements
- Identify emerging security threats and trends
#LI-SB1
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Ansible APIs Application security Automation AWS Azure CEH CI/CD CircleCI CISA CISSP Cloud CodeQL Compliance Computer Science DAST DevOps DNS Docker Exploits Firewalls Golang GSEC IPS Jenkins Kubernetes Linux MacOS Network security NIST OSCP OWASP Pentesting Product security Python SaaS SANS SAST SonarQube Terraform VPN Vulnerabilities Vulnerability management Zero-day
Perks/benefits: 401(k) matching Career development Competitive pay Equity / stock options Health care Wellness
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.