Associate Software Engineer - Application Security Engineer

About The Team

The Security team at Pharmeasy is responsible for securing our application platform, cloud

infrastructure to protect Pharmeasy and its customer database. As an Application Security Engineer, you will collaborate with other security and engineering teams on identifying vulnerabilities in our application while improving visibility and implementing application security best practices throughout SDLC.

Your Key Responsibilities

● Minimum 3 years of experience in Application security.

● Perform security assessment of web applications, Android, iOS mobile applications

● Good knowledge of security frameworks, secure coding practices, information security principles, Threat Modelling.

● Must have Knowledge of the most common implementations of the Threats in application security (e.g. XSS, SQL Injection, XSRF, buffer overruns,business logics, brute force, etc) and how they match the general classification

● Familiarity with the tools for various security activities: Static Code Analysis, DAST Penetration Testing, Intrusion Detection/Prevention, etc

● Proactively identify vulnerabilities across our platform and recommend fixes

● Ownership of the tasks

● Able to automate security activities

● Adapt to technologies/languages/platforms/frameworks of the time

● Promote the culture of security first at Pharmeasy

● Identifying the problem statements which upon solving will increase the security posture of Pharmeasy

What To Bring

● In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10

● Experience in doing security assessments on web applications, Android and iOS mobile applications in microservice architecture

● Experience in using the security tools to carry out the manual as well as automated security assessments.

● Experience working with common product flows like Authentication, payment gateway integration, Business logics etc.

● Driving Security in SDLC.

● Good understanding of AWS and GCP Cloud Platform.

● Passion for security, and a practical and balanced approach to security issues.

● Independent, self-motivated and comfortable working in a fast-paced environment.

Certifications (Good to have)

● 1. EC council - Certified Ethical Hacker (CEH)

● 2. Comptia security+

● 3. (ISC)2 Certified Information Systems Security Professional (CISSP)

● 4. Any other relevant security certifications