---

---

Location

Bangalore | India

---

Job description

The security team at Sharechat works on various aspects such as application
security, cloud security, governance, IT infrastructure security, risk
compliance and privacy for our Sharechat/Moj applications.

What You ll Do

To drive and manage the entire product security which includes regular
application security assessments (SAST, DAST), cloud security assessment and managing the vulnerabilitiesin the environment.

Define and manage the tooling and services required for security testing
services, e.g. penetration testing, mobile application security testing, source
code inspection and cloud security

To assess API security and architecture for the security enhancements.

Define and report to CISO the appropriate metrics to judge operational
effectiveness as well as outstanding risk of the organization due to
vulnerabilities introduced by projects, e.g. software vulnerabilities and
insufficient development practices

Ensure applications are effectively security tested, according to their
criticality, throughout development and its lifecycle and are mitigated on a
timely fashion

To present application security risk metrics to senior management and
different engineering stakeholders.

Managing the security vendors which provide technical security services.

To drive the Secure SDLC across the engineering services or different pods

Define, setup and lead the bug bounty programme for the ShareChat and Moj application.

Identify major internal application security related deficiencies and
suggest pragmatic approaches on how to remediate them. Collaborate closely with other folks like GRC Analyst product managers on Application Security related matters

Automate the security to a larger extent is possible

Comply to the ISMS policy laid down by the ShareChat Company.

Who are you

Bachelors Degree in Computer Science, Information Security or related
technology field or equivalent experience.

Experience and deep understanding of SDLC lifecycle including SAST, DAST, automation and change management

Previous experience in cloud security and platforms such as AWS, GCP or
Oracle

Experience in network and web application firewalls such as Akamai and
cloudflare

Experience in IAM security, Infrastructure as code, secrets management and secure data storage

Experience with cloud security tools such as CSPM, CIEM and CWPP

Well versed in DNS, Load Balancing, SSL, TCP/IP, networking, IDS and IPS.

Self starter with good problem solving skills with critical thinking

Eloquent with communication style to drive the change and influence the
stakeholders to inculcate risk based decision making

---

Job tags

---

---

Salary