What does the team do?
Opportunity is part of the evolving cyber security group which is laser-focused on setting up industry benchmarks in managing & guarding against digital risks in a "Cloud Native - DevOps Only" environment. It is a lean-mean-special action group where every cyber sentinel gets an opportunity to work across domains, has the independence to challenge the status quo & evolve cyber practices to the next level of maturity. Our core competencies revolve around "Product & Platform security" , "Cloud Native Risk Management" and "Detection & Response".
What you will be doing?
Conduct Vulnerability Assessments, Penetration Testing, and source code review.
Automate Technical tasks in CI/CD through the use of APIs or tools.
Perform application source code security reviews for APIs, middle ware, and frontends in Java, Python, Node.JS, etc.
Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Web, iOS, Android, and cloud platforms.
Perform SAST & DAST and improve SDLC.
Develop solution architecture and blueprints based on business technology and security objectives.
Research and maintain secure coding guidelines.
Perform Security Architecture and Low-Level Application Security Design review involving: Data Protection, Authentication and Authorizations, Web Application Security, and Network Security.
Collaborate with product teams to build secure products and achieve the cybersecurity objectives of InMobi.
Maintain an active understanding of industry practices for secure software development and incident response.
What is expected of you?
Zealous to un-learn & re-learn cyber security practices in a "Cloud Native- DevOps Only" environment.
3-6 years experience in application security, penetration testing, DevSecOps.
2-3 years of experience in building and managing security gating in Sonarqube
2-3 years of experience in manual security code review
Standardize & maximize automation in the CI/CD pipeline.
Excellent skills with application security testing tools such as Burpsuite, OWASP ZAP, SQLMap, Kali, etc.
Experience with scripting languages such as Python, bash, PowerShell, etc.
Experience in building and deploying opensource security software in production and making it scalable
Knowledge of Kubernetes and Docker containers.
Knowledge of OWASP Top 10 and SANS Top 25.
Red Teamer with proven skills in exploitation.
Strong understanding of security fundamentals and general security technologies.
Excellent oral and written communication skills and a good team player.
Bug bounties, responsible disclosure awards & Hall of Fame are strongly preferred.
Certifications such as GWAPT, Offensive Security Certified Professional (OSCP), OSCE, or GIAC Penetration Testing (GPEN) are strongly preferred.
