Wipro
Location
Bangalore | India
Job description
Security Assurance Consultant / Engineer Position Overview:
Technology advancements are helping organizations to deliver un-parallel user experience and value creation. The convergence of physical and digital world is leading to connected ecosystem that creates exponential number of interactions and data/information exchange. The reliability, sustainability and resilience of such connected ecosystem can only be maintained, if it is “Secure-by-Design” and security assurance is part of the product life-cycle-management. Wipro is looking for experienced security assurance professionals. As security expert, you have experience and skills to identify the potential security threats, design the remediation controls, make product/platform change recommendation, and report w.r.t. security compliance. As part of Product Security Engineering team, you will be engaging with wide spectrum of customers to help define, design, adopt and deploy the secure product development lifecycle. Responsibilities • Engage with customers to understand the business and functional use-cases of product. • Evaluate the threat vectors and conduct threat modelling as per the product technology stack and operational use-cases. • Review security architecture and benchmark w.r.t. applicable security compliance. • Conduct automated/manual code review, security vulnerability assessment and penetration testing of software and hardware stack. • Identify, report and remediate the security gaps as per vulnerability disclosure and handling framework. • Design security controls architecture and secure development life-cycle management artifacts as applicable to industry vertical and product. • Manage and enhance security assurance lifecycle. Work with engineering service delivery team to instrument the security controls as part of product development. • Identify the white space, where Wipro solution / IP can be introduced to create market differentiator and value for targeted customer base. • Support prototype and internal engineering team training/readiness. Qualification Required • 10+ years of experience as security engineer/analyst – must have worked with software or hardware product companies as part of engineering organization OR via service provider in similar capacity. • Certifications in the domain of penetration testing, or application security (e.g. OSCP, OSWE, GWAPT, …) • Extensive experience o with OWASP: Application Security Verification Standard, Embedded Application Security, Software Assurance Maturity Model o ISO/IEC 29147:2018 (vulnerability disclosure) and ISO/IEC 30111:2019 (vulnerability handling) o conducting code analysis (static, interactive & dynamic), composition analysis, binary test, run-time Validation o Application security threat modelling, abuse case analysis, risk assessments, design and architecture review. o In-depth understanding of internet protocols, network architectures, and security technologies, including encryption and authentication (e.g. TLS, PKI, IPSec, SAML, OpenSSL, etc)• Hands-on experience with code analysis and security testing tools like -- Veracode, Coverity, reshift, ZAP, Arachni, SonarQube and others • Hands-on experience with MITRE ATT&CK framework and STRIDE threat model. • Working knowledge of following industry standards/certification will be added advantage: Industry standards / certification: FIPS, IEC-62443, IEC-15408, ISO-26262 • 5+ years of software development experience with extensive knowledge of Java, JavaScript, .Net, Perl, Python, SQL, and other shell scripts. • Demonstrated experience in gathering and transforming business requirements into a comprehensive technology solution definition. • Strong team player – work with internal and external stakeholder to solve problems and actively incorporate input from various sources. • Excellent communication skills and collaborative working style. • Willing to travel • Bachelor’s degree in Engineering or related fieldJob tags
Salary
