Application Security Engineer | Schlumberger

Job Details

Application Security Engineer

Mumbai - India

Job description

Job Title: Application Security Engineer

Job Summary

The Application Security Engineer will be in charge of assessing the security of different types of applications developed by Schlumberger teams or acquired from third-party vendors. The engineer will work with company development teams or vendors to detect, prioritize and remediate security flaws within the applications, and will collaborate with IT and the business to identify and implement appropriate security controls related to software development. The engineer strives to develop a security-oriented mindset throughout the application development cycle, from the concept phase through testing and implementation. The engineer will be required to analyse various data security, authentication/authorization, encryption, application-level security and auditing requirements and recommend security mitigations and solutions that integrate with the business.

Key responsibilities

  • Perform application security assessment for web, mobile, cloud, thick client and IoT applications
  • Perform different types of application security assessments as needed; this involves application penetration testing, network penetration testing, attack surface evaluation, threat modelling and security design reviews
  • Perform web services (APIs) penetration testing and analyse communications between client and servers
  • Check separation of duties and access controls, review accounts management and check SSL certificates
  • Perform risk analysis and define prevention and mitigation controls for application vulnerabilities
  • Explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to application development teams or application vendors, and discuss effective defensive techniques
  • Provide mitigation strategies for applications from infrastructure, architecture and secure coding perspectives.
  • Utilize application security scanning tools, interpret reports and validate identified vulnerabilities and associated risks
  • Manage application security assessment requests from multiple locations, plan and prioritize testing activities
  • Collaborate with development teams across multiple locations to prioritize and remediate vulnerabilities throughout the application lifecycle
  • Work with development teams and IT staff to review application code and configuration for possible security risks
  • Write standards, guidelines and best practices related to application security
  • Evaluate/Develop new tools for application security testing
  • Develop training materials and conduct presentations and technical security awareness training for software architects, QA, and IT and development staff as business needs dictate  
  • Follow the technical governance (standards, best practices, etc.)
  • Attend industry cybersecurity webinars and conferences related to application security

Qualifications and Requirements

Essential qualifications

  • Bachelor’s or Master’s Degree (IT, Computer Science, Cybersecurity, Telecommunications, Engineering, etc.) or equivalent experience
  • 5-7 years’ experience in application security assessment
  • Experience with software penetration testing, architectural risk assessment, threat modelling, static code analysis and secure code review
  • Experience with network penetration testing, firewalls configuration, network architecture and security
  • Experience with mobile application security testing on iOS and Android platforms
  • Experience securing applications on a myriad of platforms and languages including Java and .NET
  • Experience in OS hardening on Windows and Linux environments
  • Experience with a variety of testing tools, including: IBM AppScan, Burp Pro Suite, Veracode, Fortify, Qualys Suite, NMAP, Metasploit, Kali Linux, Wireshark and OWASP ZAP.
  • Understanding of common Web Application vulnerabilities like XSS, CSRF, and others.
  • Experience in identifying and resolving false positive findings in assessments
  • Experience in writing scripts using languages such as Bash, Python, Perl and PowerShell
  • Knowledge of DevSecOps process to integrate security in each phase of application development lifecycle
  • Firm understanding of networks, operating systems and data-center architecture.
  • Familiarity with cloud technologies (IaaS, PaaS, SaaS) on Google and Azure environments
  • Working knowledge of MSSQL and Oracle Databases, IIS and Apache Tomcat web servers
  • Project management experience, the ability to plan, manage and maintain a complex list of project tasks
  • Programming experience and abilities in one or more of the top common languages are a strong plus
  • Experience performing Red Team, Blue Team Operations is a plus.
  • Industry Involvement including:
    • Professional information security certification (CSSLP, CISM, CEH, GPEN, GWAPT or similar)
    • Membership in a professional information security association
    • Completion of one industry recognized information security training course

Other skills and abilities

  • Strong organizational, personal discipline and time management skills to manage multiple tasks and changing priorities.
  • Demonstrated ability to lead team efforts and to manage and coordinate complex projects
  • Ability to properly handle confidential information and personnel-related matters
  • Understands the business impact of decisions on operations
  • Ability to reconcile competing demands between conflicting interests and priorities
  • Comfortable with defending a position to upper management
  • Demonstrated ability to facilitate coordination and work collaboratively.
  • Demonstrated initiative and resourcefulness with ability to learn, work and lead with limited supervision
  • Strong process-oriented skills for troubleshooting, problem solving and problem resolution
  • Possess sufficient technical knowledge to assure further development of advanced skills in a relatively short period of time through formal and on-the-job training
  • Ability to define, document and deploy standards, processes and procedures
  • Ability to work with others to deliver and provide a high level of service
  • Strong communication skills, both verbal and written, with the ability to talk to both business and technical people
  • High standards, strong attention to detail.
  • Fluency in English
  • Ability to work in a globally distributed setting without supervision
  • Ability to work well with all levels of the company
