Application Security Engineer
Urbint
This job is no longer accepting applications
Hybrid (2 WFH, 3 days WFO) - Hiring in India
At Urbint, our mission is to build a world with zero safety incidents. We do this by pairing data with artificial intelligence to identify areas of high risk and prevent catastrophic loss for utilities and infrastructure operators across the country. Our work literally saves lives. We are a team of close-knit engineers, entrepreneurs, and data geeks who obsess over problem-solving, new technologies and making a positive impact in our communities.
Job Summary
The Application Security Engineer plays a critical role in ensuring the security and integrity of our software applications and systems. They will be responsible for identifying and mitigating security vulnerabilities, conducting security assessments, and implementing best practices to protect our applications from potential threats. This role requires a deep understanding of application security principles, strong technical skills, and the ability to collaborate effectively with cross-functional teams.
What You'll Do
- Security Assessment and Testing:
  - Conduct security assessments of new and existing software applications, including web applications, mobile apps, APIs, and cloud-based services.
  - Perform manual and automated security testing, including vulnerability scanning, code review, and penetration testing, to identify potential security weaknesses and vulnerabilities.
  - Analyze assessment results, prioritize findings based on risk, and provide recommendations for remediation to development teams.
- Security Architecture and Design:
  - Work closely with software architects and developers to incorporate security best practices into the design and architecture of new and existing applications.
  - Review and provide security guidance for application design, including authentication, authorization, encryption, input validation, and error handling.
  - Conduct threat modeling exercises to identify potential security threats and risks at the application level and propose mitigations to address them.
- Security Controls Implementation:
  - Implement security controls and countermeasures to protect against common security threats, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and others.
  - Configure and manage web application firewalls (WAFs), intrusion detection/prevention systems (IDS/IPS), and other security tools to enhance application security posture.
  - Collaborate with development teams to integrate security controls into the software development lifecycle (SDLC) and automate security testing and validation processes.
- Incident Response and Remediation:
  - Provide support for incident response activities, including investigating security incidents, analyzing root causes, and recommending corrective actions.
  - Assist in the development and implementation of incident response plans and procedures to mitigate the impact of security breaches and incidents.
  - Work with cross-functional teams to address security vulnerabilities and weaknesses identified during incident response activities and security assessments.
- Security Awareness and Training:
  - Promote security awareness and best practices among development teams through training sessions, workshops, and knowledge-sharing initiatives.
  - Provide guidance and support to developers on secure coding practices, security controls, and threat mitigation techniques.
  - Stay current with the latest security trends, vulnerabilities, and industry developments, and share knowledge with the broader team.
Who You Are
- Bachelor's degree in Computer Science, Information Security, or related field.
- Minimum of 3 - 5 years of experience in application security, software development, or related roles.
- Strong understanding of web application security concepts, including OWASP vulnerabilities and common attack vectors.
- Hands-on experience with security testing tools and techniques, such as OWASP ZAP, or similar.
- Proficiency in programming/scripting languages such as Python, TypeScript, and JavaScript.
- Familiarity with security standards and frameworks, such as OWASP ASVS or ISO/IEC 27001.
- Excellent analytical and problem-solving skills, with the ability to identify and mitigate security risks in complex software environments.
- Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams and communicate technical concepts to non-technical stakeholders.
- Relevant certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are a plus.
Benefits
- Mission Driven - Some companies use AI to serve better digital ads and trade stocks; we seek to make our communities safer and more resilient
- Competitive compensation package
- Generous Paid Time off, Paid Company Holidays including Mental Health Days
- Medical Insurance covering self, spouse, 2 children and parents/in-laws
- Hybrid work – 3 days at office; 2 days at home
We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.