Detailed Job Description
Responsible for strategically engaging product teams, sharing application security testing knowledge and building security integration tools with product engineers
Lead security testing engagements with product teams and mentor engineers on security testing methodologies and techniques
Work with developers and testing/quality engineers to provide solutions for discovered security issues and provide product teams with scripts, tools and testing strategy
Find the 0-days in DELL EMC products before anyone else does.
Document and share with the product teams the issues discovered including the steps to reproduce and mitigate them
Write custom tools that can help product teams in doing efficient security testing
Lead security testing workshops to teach other engineers at DELL EMC how to find security issues in products
Document generic test cases for publication in Product Security knowledgebase
Collaborate and contribute to security testing community across the company to share best practices
Be proactive in identifying new testing tools that help advance security testing
Essential Requirements
Master's degree or higher in Information Security or similar technical field desirable
Hands-on experience in dynamic analysis, container testing, fuzzing, OWASP Top 10, SANS/CWE Top 25 and vulnerability scanning
Experience in understanding and leveraging reports from scanners such as IBM AppScan, Nessus, Qualys, Twistlock
Proven experience in discovering authentication and authorization bypass defects
Experience in finding 0-days and writing exploits
Experience in extending tools like ZAP, Burp…
Ability to think like an attacker and make sure that DELL EMC products are ready to stand up to current and future attacks
Subject Matter Expert on software vulnerability types and exploitation
Knowledge of how to test code and applications across various platforms (Linux, Windows, etc.) for security issues
Knowledge of at least one programming or scripting language such as Python, Java, C, Ruby, etc.
Strong understanding of the network stack including ports and protocols
Experience performing application black-box and white-box penetration testing preferred
Knowledge of reversing patches and exploring 1-day exploits preferred
Certifications such as CEH, CISSP, Security+ a bonus
Good presentation and documentation skills


Keywords
Python, Java, C, Ruby


Interview Information
Job Location : Bangalore
Interview Location : Bangalore