Associate Architect- Security Engineer
Icertis
IT
Pune, Maharashtra, India
Posted on Dec 1, 2020
With unmatched technology and category-defining innovation, Icertis pushes the boundaries of what’s possible with contract lifecycle management (CLM). The AI-powered, analyst-validated Icertis Contract Intelligence (ICI) platform turns contracts from static documents into strategic advantage by structuring and connecting the critical contract information that defines how an organization runs. Today, the world’s most iconic brands and disruptive innovators trust Icertis to fully realize the intent of their combined 10 million contracts worth more than $1 trillion, in 40+ languages and 93 countries.
Who we are: Icertis is the only contract intelligence platform companies trust to keep them out in front, now and in the future. Our unwavering commitment to contract intelligence is grounded in our FORTE values—Fairness, Openness, Respect, Teamwork and Execution—which guide all our interactions with employees, customers, partners and stakeholders. Because in our mission to be the contract intelligence platform of the world, we believe how we get there is as important as the destination
· Perform static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of web applications to identify vulnerabilities and security defects.
· Support the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
· Serve as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements.
· Develop and implement manual and automated web application security testing of web applications to enforce security standards.
· Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept and pilot installations
· Improve engineering standards, tooling, and processes.
· Perform proactive research to detect new attack vectors.
Skills
- Experience in security tool development in one or more general purpose programming/scripting languages Python, PowerShell etc. (Would be advantageous)
- Hands on experience in DAST, SAST and SCA tools.
- Previous experience in auditing, testing and analyzing applications.
- Web or mobile experience with modern engineering practices such as infrastructure as code, Agile, and resilient architecture.
- Deep technical knowledge in following areas: cloud and networking security, web application security, mobile security.
- A knack for finding flaws in software and can effectively communicate how to fix them.
- Familiarity with fuzzing as a way to find bugs.
- Strong knowledge of secure coding best practices, the OWASP top 10.
- Correctly balance security risk and product advancement.
- Hands-on attitude and the ability to drive solutions to completion.
- Passion for information security.
- Excellent communication skills.
Icertis, Inc. provides Equal Employment Opportunity to all employees and applicants for employment without regard to race, color, religion, gender identity or expression, sex, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. Icertis, Inc. complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to careers@icertis.com or get in touch with your recruiter.
By submitting your application you acknowledge that you have read Icertis’s Privacy Policy (https://www.icertis.com/privacy-statement/)
Icertis is not open to third party solicitation or resumes for our posted FTE positions. Resumes received from third party agencies that are unsolicited will be considered complimentary.