Application Security Expert

Schneider Electric Bangalore, Karnataka

About the Job

Applications Security Expert

Context
Schneider Digital is the global IT organization within Schneider Electric. The Applications security and compliance framework is a Schneider Digital initiative to elevate the level of security and compliance of the applications that the organization delivers.

Responsibilities
The Applications Security Expert will work with project teams to ensure applications meet strict security policies.

  • Understanding project deliverables and application details
  • Running automated and manual security checks (not limited to tools) to uncover security holes in the system
  • Proposing mitigation steps for identified risks and threats
  • Providing recommendations from a security perspective based on understanding of the application and the results of checks
  • Working with the Regional CISO and Digital Risk Leaders, and keeping up to date with Schneider Digital standards, policies and tools


Requirements for Applications Security Expert
Behaviors and Competencies
The Applications Security Expert must demonstrate mature behaviors including:

  • Strong written and verbal international communication skills, with a proven ability to communicate with technical staff as well as project teams
  • Keeping pace with standards and technologies related to security


Education and Training
Essential
  • BE or MS or MCA in Computer Science or Information Technology or related fields

Desirable
  • M.Tech in Computer Science or Information Technology or related fields
  • Certifications - OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWP, etc.

Skills
  • Security - Web, Mobile, Thick Client, Network, etc.
  • Applications Development & Delivery
  • Collaboration/Teamwork
  • Communications (Written and Oral)
  • Interpersonal Skills


Knowledge
The Applications Security Expert should have in-depth knowledge and experience of the following:

  • Pentest standards and methodologies, OWASP
  • Subject matter expert in web/mobile/thick client/API/IoT/IIoT assessments
  • Good understanding of server vulnerabilities (Linux, Windows) and hardening
  • Familiarity with cloud platforms (preferably AWS)
  • Efficient and effective use of pentest tools, while demonstrating less dependency on tools
  • Experience with automation, scripting (Python, Perl, Ruby, etc.)
  • Proactive interest in emerging technologies and techniques related to penetration testing
  • Ability to translate technical security topics in a business-friendly manner
  • Demonstrable teamwork skills and resourcefulness

Experience
Essential
  • 5+ years of experience in IT security
  • Minimum 2+ years of experience in penetration testing of web/mobile (iOS & Android)/API/thick client

Desirable
  • Experience with red teams or CTF (Capture the Flag)
  • Experience with reverse engineering
  • Presented exploit PoC/research concepts at forums like exploit-db
  • Participated in national/international cybersec conferences