Senior Engineer- Security Research

Open position

Bangalore
5-10 Years

Roles & Responsibilities:

  • Create signatures for Indusface WAS & WAF product to detect & protect Web applications vulnerabilities.
  • Research evolving web attacks, CVEs, and evasion techniques targeting web apps and APIs and generate detection logic based on real-world payloads and tools.
  • Build behaviour-based logic, anomaly scoring, and payload inspection for advanced threats.
  • Design and prototype new WAF product security features such as: Bot, DDOS, WAAP, etc.
  • Outstanding problem solving and troubleshooting skills are a must, as solutions to many problems might not be obvious.
  • Drive the end-to-end release process for WAF detection updates and product features.
  • Coordinate with DevOps/Release teams to validate rollout on staging and production.
  • Monitor post-release impact and lead fixes for regressions or tuning issues.
  • Trouble-shooting customer cases & provide timely solutions and write RCAs wherever necessary.
  • Developing Security tools, automation to ease manual/repeated work to increase efficiency in providing the solution.

Candidate Profile:

5-10 years of vulnerability analysis, research and developing IPS/IDS/WAF signature writing experience.

Good understanding of:

  • Firewalls, proxies, SIEM, antivirus, and IDPS concepts
  • Windows & Linux operating systems (REDHAT)
  • Network security, network layers (OSI Layer-3 and Layer-4)
  • Protocols like TCP/IP, DNS, HTTP, HTTPS, SSH etc.
  • Network Penetration testing and techniques
  • Identify and mitigate network vulnerabilities and explain how to prevent them
  • Programming languages like C/C++ or Python

Hands-on experience in:

  • Research on zero days,  critical vulnerabilities, exploits in wild, discover new vulns
  • Web-app security  (SQL Injection, XSS, CSRF etc.), OWASP-10, SANS Top 25
  • Network analysis tools like tcp dump, Wireshark, Burp suite and assisting tools like Debuggers, Hex Editors, etc.
  • Crafting Regular Expressions, Verification & Validation
  • Vulnerability scanners, IDS/IPS, Application Firewall, VAPT tools: Metasploit, Nessus, etc.
  • Analysing existing or writing new POCs
  • DOS attacks, Bot attacks, API based attacks & its exploitation/testing tools
  • Experience with ML-assisted detection or behavioural security models
  • Contributions to open-source security tools or research publications
  • Certifications (e.g., OSWE, GWAPT, CEH, CISSP) are a plus
  • Effective written and verbal communication skills.

Good to have :

  • Knowledge on Mod Security and Rule writing
  • Understanding of Lua, nginx, Apache
  • Developing security related tools/programs.
  • Knowledge on Cloud infrastructure services, Virtualization software (VMWare , Virtual PC/ Virtual Box , XEN , etc)
  • Experience in any of Java, Test NG, Linux Scripting, shell scripting, Python, Perl
  • Experience/Knowledge in Amazon Web Services
Indusface
Indusface

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.

Join us

Resume *
Invalid file type please choose a PDF or DOC

Have a friend who
would love this?

Linkedin Icon - Indusface Share with your network
Refer A Friend Program - Indusface