Not Disclosed
1-3 Years Full Time
Pune, Maharashtra, IN

Vacancy: Not Disclosed Posted: 2 years ago Applicants: 0
Share via

Job Description

Job Summary

The Application Security Engineer or DevSecOps Engineer will be in charge of assessing the security of different types of applications developed by Schlumberger teams or acquired from 3rd party vendors. Work with company development teams or vendors to detect, prioritize and remediate security flaws within the applications. Collaborate with IT and the business to identify and implement appropriate software development related security controls. Strives to develop a security-oriented mindset and DevSecOps mindset throughout the application development cycle from concept phase through testing and implementation. Strive to support the development teams to be agile and deploy and deliver products securely by automating all security requirements. The engineer will be required to analyze various data security, authentication/authorization, encryption, application-level security and auditing requirements and work with the development teams to suggest security mitigations and solutions that integrate with the business and security compliance requirements.

Key responsibilities

  • Perform automation of various security scans and security tests
  • Perform application security assessment for web, mobile, cloud, thick client and IoT applications
  • Perform different types of application security assessments as needed; this involves application penetration testing, network penetration testing, attack surface evaluation, threat modelling and security design reviews
  • Perform web services (APIs) penetration testing and analyse communications between client and servers
  • Check separation of duties and access controls, review accounts management and check SSL certificates
  • Perform risk analysis and define prevention and mitigation controls for application vulnerabilities
  • Explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to application development teams or application vendor, and discuss effective defensive techniques
  • Provide mitigation strategies for applications from infrastructure, architecture and secure coding perspectives.
  • Utilize application security scanning tools, interpret reports and validate identified vulnerabilities and associated risks
  • Collaborate with development teams across multiple locations to prioritize and remediate vulnerabilities throughout the application lifecycle
  • Work with development teams and IT staff to review application code and configuration for possible security risks
  • Develop training materials and conduct presentations and technical security awareness training for software architects, QA, and IT and development staff as business needs dictate
  • Follows the technical governance (standards, best practices, etc.)

Qualifications and Requirements

Essential qualifications

  • Bachelors or Masters Degree (IT, Computer Science, Cybersecurity, Telecommunications, Engineering, etc.) or equivalent experience
  • 1-3 years experience in DevSecOps or Application security assessment
  • Experience in writing scripts using languages such as Bash, Python, Perl and Powershell
  • Knowledge of DevSecOps process to integrate security in each phase of application development lifecycle
  • Experience with CI and CD tools, and source control such as GIT and Azure DevOps
  • Experience on using Docker or deploying apps on Kubernetes
  • Familiarity with cloud technologies (IaaS, PaaS, SaaS) on Google and Azure environments
  • Experience with software penetration testing, architectural risk assessment, threat modelling, static code analysis and secure code review
  • Experience with network penetration testing, firewalls configuration, network architecture and security
  • Experience securing applications on a myriad of platforms and languages including Java, .Net
  • Experience in OS hardening on Windows and Linux environments
  • Experience with a variety of testing tools, including: IBM AppScan, Burp Pro Suite, Veracode, Fortify, Qualys Suite, NMAP, Metasploit, Kali Linux, Wireshark and OWASP ZAP.
  • Understanding of common Web Application vulnerabilities like XSS, CSRF, and others.
  • Experience in identifying and resolving false positive findings in assessments
  • Firm understanding of networks, operating systems and data-center architecture.
  • Project management experience, the ability to plan, manage and maintain a complex list of project tasks
  • Experience performing Red Team, Blue Team Operations is a plus.
  • Industry Involvement is a plus:
  • Professional information security certification (CSSLP, CISM, CEH, GPEN, GWAPT or similar)
  • Membership in a professional information security association
  • Completion of one industry recognized information security training course

Other skills and abilities

  • Strong organizational, personal discipline and time management skills to manage multiple tasks and changing priorities.
  • Demonstrated ability to lead team efforts and to manage and coordinate complex projects
  • Ability to properly handle confidential information and personnel-related matters
  • Understands the business impact of decisions on operations
  • Ability to reconcile competing demands between conflicting interests and priorities
  • Comfortable with defending a position to upper management
  • Demonstrated ability to facilitate coordination and work collaboratively.
  • Demonstrated initiative and resourcefulness with ability to learn, work and lead with limited supervision
  • Strong process-oriented skills for troubleshooting, problem solving and problem resolution
  • Possess sufficient technical knowledge to assure further development of advanced skills in in a relatively short period of time through formal and on the job training
  • Ability to define, document and deploy standards, processes and procedures
  • Ability to work with others to deliver and provide a high level of service
  • Strong communications skills both verbal and written with the ability to talk to both business and technical people
  • High standards, strong attention to detail.
  • Fluency in English
  • Ability to work in global distributed setting without supervision
  • Ability to work well with all levels of the company

Schlumberger as an employer

As a leading employer in our industry, Schlumberger is proud to offer a highly competitive package of base and incentive compensation as well as a comprehensive benefits program designed to support the health, wellness and financial security of our employees and their families. Schlumberger is an equal employment opportunity employer. Qualified applicants are considered without regard to race, color, religion, sex, national origin, age, disability, status as a protected veteran or other characteristics protected by law.

Skills Required: Devsecops,Owasp Zap