Security Engineer

As an Application Security Engineer at JioStar in Bengaluru, Karnataka, you will be instrumental in protecting our products and user data. This role bridges engineering and security, embedding best practices throughout the development lifecycle. You will identify vulnerabilities in web and mobile platforms, manage risks from design to deployment, and champion secure coding and threat modeling. You'll work with cutting-edge technologies, influence product strategy, and enhance JioStar's security posture in a dynamic, high-impact setting.

Key Responsibilities

• Conduct security testing on web, Android, and iOS applications to find and fix vulnerabilities.
• Partner with product and engineering teams from concept to delivery, integrating secure software development lifecycle (SDLC) practices.
• Develop realistic attack scenarios to uncover potential threats.
• Define the threat landscape across product ideation, architecture, and implementation, ensuring security is a core component.
• Proactively identify system-wide vulnerabilities and provide clear, actionable remediation steps.
• Manage tasks independently and deliver results within deadlines.
• Continuously expand expertise in various security domains, including cloud, application, and operating system security.
• Stay current with technological advancements and adapt security strategies accordingly.
• Innovate to speed up vulnerability detection and integrate security earlier in development.
• Promote a security-first culture by influencing engineering practices and decisions.
• Identify critical issues and implement solutions to significantly improve JioStar's security.

Skills & Attributes for Success

• Deep understanding of security vulnerabilities beyond the OWASP Top 10.
• Proven experience in security assessments for web, Android, and iOS applications within microservice architectures.
• Proficiency in using security tools for both manual and automated assessments.
• Experience with common product flows such as payment gateway integration and authentication.
• Solid understanding of application development processes to identify weaknesses.
• Familiarity with programming languages including Python, Java, PHP, C, C++, SQL, Javascript, Ruby, NodeJS, and Go is highly advantageous.
• A genuine passion for security with a pragmatic and balanced approach to addressing security challenges.
• Ability to diagnose the root cause of application or system behavior.
• A curious mindset to understand how systems function under various conditions.
• Independent, self-motivated, and adept at collaborating with diverse product and engineering teams in a fast-paced environment.
• Contributions to the security community are a significant advantage.
• A preference for automation to streamline security processes.