Application Security Engineer - 3

About the company Upstox is one of India's leading Fin-Tech companies with a mission to simplify trading & investing to make it easily accessible to the masses. We aim to enable everyone, from new investors to seasoned traders, to invest across multiple categories with our state-of-the-art trade & investment platform and commission-free pricing. We offer numerous asset categories to invest in, like Stocks, Digital Gold, IPOs, Mutual Funds, and more.   Our mission is simple - to break down the complexities of investing and make it more effortless, accessible, affordable, and easy for the masses to adopt. This key principle when infused with intuitive design and leading-edge technology will help us empower every Indian to take control of their investments.  Role: Sr Application Security Engineer The Application Security Engineer plays a crucial role in ensuring the security and privacy of Upstox’s applications. They are responsible for performing activities related to security and privacy by design, integrating security controls throughout the Software Development Life Cycle (SDLC), and establishing, implementing, monitoring, reviewing, and improving a suitable set of controls to prevent threats to the security of our applications and information assets. The job holder is responsible for ensuring that the organization's business objectives are met while maintaining the security and integrity of its applications and information.Essential Duties and Responsibilities:- The ideal candidate must possess 6-8 years of experience in conducting security vulnerability assessments and penetration testing for web and mobile applications.- Proficiency in conducting penetration testing for thin and thick client-based applications is required.- Ability to exploit security flaws and vulnerabilities with attack simulations on multiple applications on Android and iOS platforms.- Develop proof-of-concept (PoC) and exploits for identified vulnerabilities and provide remediation guidance to the stakeholders.- Ability to solve complex vulnerabilities such as business logic flaws and communicate effectively with both technical and non-technical stakeholders.- Responsible for ensuring technical execution and quality of deliverables for engagements.- Analyze application security policies for effectiveness, provide suggestions on security policy improvements, and work to enhance methodology material.- Develop and maintain security testing plans and automate penetration and other security testing on networks, systems, and applications.- Create meaningful metrics that reflect the true posture of the environment to enable the organization to make risk-based decisions.- Produce actionable, threat-based reports on security testing results.- Build and maintain relationships with key stakeholders and business partners.Job Requirements:- Demonstrates strong teamwork and interpersonal skills.Able to work independently with minimal supervision in complex infrastructure environments.- Communicates effectively, conveying needs and statuses clearly.- Possesses the ability to influence others without direct managerial authority.- Can accurately estimate effort and meet deadlines.- Has development experience in one or more of the following technologies: Python, Node/JavaScript, Java, GoLang, PHP.- Has research and development experience in the security field.- Experienced in Red team exercises, threat hunting, OSINT.- Experienced in Threat Modelling.- Experienced in building security tools.- Possesses strong communication and presentation skills.- Has an understanding of network security assessments.- Familiarity with DevSecOps integrations.- Has an understanding of Security Architecture Review.- Familiarity with newer technologies such as IoT, Cloud, AI, Blockchain, and associated security challenges.If you fit the above description, we would love to connect with you! APPLY NOWA basic requirement but one that many forget: Make sure you go through our website,download our app and give us feedback!Upstox is an Equal Opportunity Employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or other characteristics.