Lead Engineer Vulnerability Management

Marmon Technologies India Private Limited

As a part of the global industrial organization Marmon Holdings—which is backed by Berkshire Hathaway—you’ll be doing things that matter, leading at every level, and winning a better way. We’re committed to making a positive impact on the world, providing you with diverse learning and working opportunities, and fostering a culture where everyone’s empowered to be their best.

Designs and develops integrated security system solutions for the enterprise network. Responsible for designing, implementing, and testing firewalls, software, and hardware. Ensures proprietary/confidential data and systems are protected. Provides technical engineering services for the support of integrated security systems and solutions. Conducts network security audits/assessments. Provides technical direction and assistance to application areas as well as operations, coverage, and other technical support areas.

Position Overview-

We are seeking a highly skilled and experienced Vulnerability Management Engineer to lead our security efforts with a focus on integrating security practices seamlessly into our development processes. The ideal candidate will have extensive experience in both security and software development, with a deep understanding of secure coding practices, vulnerability assessments, and mitigating techniques.

Skills and Qualifications:

• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or other relevant certifications preferred.

Performing Secure code reviews or hands on experience in secure software development life cycle.

• Professional Certified of Cloud, AWS, Azure.

• Experience in (WAF, IAM - Okta, Auth 0, KMS - encryption, OpenSSL, key vault)

• Knowledge PEN testing, Burp Suite or Metasploit, Kali Linux, Wireshark network packet analysing.

• Aware of regulatory requirements GDPR, HIPAA

• Bachelor’s degree in computer science, Information Security, or a related field. • 6 - 8 years of experience in application security, software development, or a related field.

• Proficiency in security testing tools such as SAST, DAST, and vulnerability scanners.

• In-depth knowledge of secure coding practices, cryptographic protocols, and authentication mechanisms.

• Familiarity with OWASP top 10 vulnerabilities and best practices for mitigating them.

• Experience with DevOps, SecOps practices and tools, including CI/CD pipelines and infrastructure as code.

• Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.

Responsibilities:

1. Lead Security Integration: Drive the implementation of security measures throughout the software development lifecycle, ensuring that security is prioritized at every stage.

2. SecOps Implementation: Collaborate with development and operations teams to integrate security practices into CI/CD pipelines, automating security testing and deployment processes.

3. Vulnerability Management: Conduct regular vulnerability assessments using SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools, and coordinate remediation efforts with development teams.

4. Secure Code Review: Ensure all software code, including third-party components, undergo regular code reviews and static analysis to identify and remediate security vulnerabilities. Follow secure coding practices.

5. Security Architecture: Design and implement secure architecture patterns for applications and systems, considering factors such as encryption, authentication, and access controls.

6. Threat Modeling: Perform threat modeling exercises to identify potential security risks and develop strategies to mitigate them effectively.

7. Security Awareness: Educate development teams on secure coding practices, OWASP top 10 vulnerabilities, and emerging security threats to foster a security conscious culture.

8. Incident Response: Develop and maintain incident response plans and lead investigations and post-incident reviews in the event of security breaches or incidents.

9. Compliance and Standards: Stay updated on industry regulations and compliance requirements related to application security, ensuring that our systems adhere to relevant standards.

10. Security Standards Documentation: Documentation of security practice and process during the development lifecycle.

11. Cloud Security: Implement and manage security controls for cloud-based applications and services, ensuring compliance with cloud security best practices.

Following receipt of a conditional offer of employment, candidates will be required to complete additional job-related screening processes as permitted or required by applicable law.