Job description

The Senior Security Engineer will focus on integrating and improving application security by conducting security assessments, threat modeling, and enabling developers through workshops and training. Required skills include expertise in multiple classes of vulnerabilities, secure coding principles, automation of SAST, and strong communication abilities.

Responsibility

• Security Assessments: Examine products in detail to discover vulnerabilities and collaborate with other security engineers to demonstrate exploitability and risk factors.
• Be on the forefront of emerging vulnerabilities/threats affecting Freshworks products through independent research.
• Engage with developers to develop workarounds/mitigation plans and ensure proper implementation.
• Drive thematic security assessments to discover unique vulnerabilities with severe business impact.
• Threat Modelling: Engage with development teams to conduct secure design reviews/threat modelling and enable developers with threat modeling workshops.
• Secure Coding: Manage SAST integration in the DevOps pipeline and propagate secure coding principles.
• Be the go-to person for solving secure product development issues.
• Training: Deliver training programs and conduct workshops/security tech talks to disseminate security knowledge and awareness.

Qualifications

• Master or Bachelor of Engineering in Computer Science / Engineering, Masters in Computer Science, Bachelor of Science in Computer Science.
• 4 to 7 years of application security experience; 2+ years of software development experience is desirable.
• Expert-level knowledge in multiple classes of vulnerabilities that include cross-site scripting, SQL Injection, CSRF, cryptographic-related weakness, and code injection.
• Good knowledge of SAML / OAuth / Open ID Connect.
• Good knowledge of programming/scripting languages such as Java, Ruby, and Python.
• Good knowledge relating to services/technology relating to the cloud.
• Ability to automate security testing and improve productivity in security assessments.
• Good understanding and knowledge of web frameworks and architecture.
• Ability to communicate and interpret security vulnerabilities to various audiences, such as development and management teams.
• Experience conducting security assessments in cloud platforms (SaaS, PaaS, IaaS).
• Published CVEs / research papers/articles about the security of the application layer and related protocols.
• Experience in integrating and automating security in DevOps through implementing/building orchestration tools.
• Good security development experience in Java / Ruby on Rails.