Security Researcher - Vulnerability Analysis & Signature Development - Web Security Products

Position / Role:

We are on the lookout for a talented individual who is passionate about Vulnerability Analysis & Signature Development to work on our Web Security products. The individual will be joining a team with a proven track record in Bangalore India and be a part of our Suite of Products Unit. Primary focus of this role is to develop Scanner & WAF signatures delivered to customers regularly.

Job Description:

- Create signatures for WAS & WAF products to detect & protect from Web application vulnerabilities.

- Reproducing vulnerabilities to understand the working of an exploit, etc. on need basis to verify existing WAS/WAF coverage.

- Problem solving and troubleshooting skills are a must, as solutions to many problems might not be obvious.

- Develop tools for the automation of security processes using Python, PERL, PowerShell, etc.

- Collaborate with engineering teams to support/maintain/design backend applications and other operational platforms.

Candidate Profile : 

- 5+ years of experience in the area of information security with strong understanding of security basics, network vulnerabilities and analysing/developing IPS/IDS/WAF signatures.

Good understanding of:

- Firewalls, proxies, SIEM, antivirus, and IDPS concepts

- Windows & Linux operating systems (REDHAT)

- Network security, network layers (OSI Layer-3 and Layer-4)

- Protocols like TCP/IP, DNS, HTTP, HTTPS, SSH etc.

- Network Penetration testing and techniques

- Identify and Analyse network vulnerabilities, Attack reproduction.

- Programming languages like C/C++, Java and Scripting language like Python, Perl, etc.

- Hands-on experience in:

- Web-app security (SQL Injection, XSS, CSRF etc.), OWASP-10, SANS Top 25

- Network analysis tools like tcpdump, Wireshark, Burpsuite

- Crafting Regular Expressions, Verification & Validation

- Vulnerability scanners, IDS/IPS, Application Firewall, VAPT tools: Metasploit, Nessus, etc.

- Analysing existing or writing new POCs

- Effective written and verbal communication skills.

Good to have : 

- Developing security related tools / programs

- Knowledge on Cloud infrastructure services

- Virtualization software (VMWare, Virtual PC / Virtual Box, XEN, etc), VPNs

- Knowledge on ModSecurity and Rule writing

- Experience in any of Java, Test NG, Linux Scripting, shell scripting, Python, Perl

- Experience/Knowledge in Amazon Web Services

What do you gain?

- Challenging, transparent and supportive work environment

- Opportunity to grow rapidly in your career along with the company's growth.

- Competitive compensation structure and benefits

There are over a billion web apps and millions of mobile apps in the world now. We with a mission to secure them and with its own line of cutting-edge Armory of application security products, are living the dream of becoming the next Billion dollar "Made in India" security company".

Seriously Interested ones May please share there updated profile and can connect with for Call / Whatsapp at +91-9810903771

Abhijeet Singh