Product Security Engineer

Join HCL Software, a dynamic and diverse environment where a wide array of applications are developed globally. We are seeking multiple Application Penetration Testers to join our Product and Infrastructure Security team. In this role, you will collaborate closely with product development teams to identify and document security vulnerabilities through approved testing methodologies. Your responsibilities will include performing comprehensive security assessments and penetration tests for mobile, web, and desktop applications deployed across on-premise, cloud, and containerized environments. You will work with various product suites, including commerce, marketing, security, endpoint management, value stream mapping, online meetings, workflow productivity, and collaboration tools, ensuring you'll never face a dull moment.

Key Responsibilities:

• Support the company's unwavering commitment to safeguarding the confidentiality, integrity, and availability of all systems and data.
• Conduct rigorous penetration testing and security assessments on products and applications to uncover complex vulnerabilities and drive them to successful remediation.
• Spearhead the development of innovative vulnerability discovery and exploitation techniques.
• Collaborate effectively with stakeholders to devise robust remediation strategies that enhance the overall security posture.
• Author and present clear, concise security assessment reports.
• Oversee the remediation process for all identified findings and recommendations.
• Contribute to the development of security best practices and provide expert guidance to security teams for implementation.
• Undertake additional security-related tasks as required.

Skills and Qualifications:

• Expert understanding of OWASP Top 10 vulnerabilities, associated testing procedures, and effective remediation recommendations.
• Strong practical experience utilizing SAST, DAST, and IAST tools.
• Advanced proficiency with BurpSuite is essential.
• Demonstrated experience working with information security frameworks such as SANS and NIST.
• Programming expertise in at least one of the following languages: Ruby, Python, Perl, C, C#, or Java.
• Solid knowledge of penetration testing and assessment methodologies, coupled with expert insight into remediation best practices.
• Good understanding of TCP/IP, networking, web applications, databases, mobile, desktop, containerized applications, and cloud applications.
• Exceptional ability to communicate technical issues effectively with software engineers and development leads, translating complex problems and risks into clear, understandable business language.
• Proven ability to build strong professional networks and foster a collaborative atmosphere within the security team and across various business units.
• Bachelor of Science in Computer Science or a related technical field.
• GWAPT, OSCP, or CEH certification is strongly preferred.
• Strong troubleshooting and analytical skills.