Sr Security Engineer

Ecolab's Cybersecurity team is looking for a Sr. Security Engineer with 6 - 8 years of experience in the Application Security domain. This person will be responsible to define consistent Secure Software Development Lifecycle practices for all Ecolab applications to ensure application security vulnerabilities are mitigated. Application security and application development experience and team participation skills are a must. In this position, you are a passionate and talented application security engineer with deep understanding of OWASP, CWE 25, data protection, access management, software vulnerabilities and best practices design who can work in a dynamic environment. Your primary responsibilities include: 

• Perform Application security risk assessment (Mobile/Web/API/IoT etc. based applications)
• Ability to perform and fix issues from static and dynamic application security testing tools including penetration testing for a wide variety of applications
• Ability to identify, prepare and execute the attack simulations and making the vulnerability reports as part of manual penetration testing process
• Liaise with teams doing manual and automated security testing of Web applications, APIs, and mobile Apps 
• Perform software applications reviews for potential security vulnerabilities  
• Ability to effectively work with the engineering and development teams to provide them understanding of secure development issues and guide them with industry best practices for remediation or mitigation 
• Providing training for development and engineering teams regarding secure coding practices 
• Ability to perform secure source code review 
• In-depth knowledge of vulnerability mitigation strategies 
• Good understanding of application architecture and cloud platforms (Azure in particular) 
• Technical point of contact for development teams as it relates to automation, CI/CD, and application security operations 
• Improve the accessibility of security through automation, continuous integration pipelines, and other means (DevSecOps approach) 
• Aptitude for learning software vulnerabilities, exploits, countermeasures, and operational monitoring 
• Proficient in reading modern programming languages with the ability to quickly learn to read and interpret scripts written by others 
• Good knowledge of Web Application Firewall (WAF) technology 
• Build and maintain relationships with key stakeholders and business partners 

Educational Qualification:

Bachelor’s degree in computer science, information technology or related discipline.