Senior Engineer- Security Research

About Indusface:

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 6500+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.

Indusface, funded by Tata Capital Growth Fund II, is the only vendor to receive 100% customer recommendation rating three years in a row and is a global customer choice in the Gartner Peer Insights™ Web Application and API Protection (WAAP) Report 2023. Indusface is also a “Great Place to Work” 2022 Winner in the Mid-Size category in India and is PCI, ISO27001, SOC 2, GDPR certified and has been the recipient of many prestigious start-up awards.

Indusface’s Product Suite:

• AppTrana WAAP Platform - AI-Powered, Fully Managed Application and API Protection.
• Indusface WAS Platform - Fully Managed DAST Platform for Website, Mobile App & API Vulnerability Scanning.
• SSL/VMC Certificates - Secure your online digital communication and build customer trust.

Why Join Us?

• Be part of a Market Leader - Work with an industry-recognized cybersecurity company trusted by global enterprises.
• Shape the Future - Play a pivotal role in driving innovation, partnerships, and revenue growth.
• Fast-Paced Growth - Thrive in an agile, high-growth environment with opportunities to make a real impact.
• Collaborate with the Best - Work alongside industry experts and thought leaders.
• Rewards & Recognition - Competitive salary, performance-based incentives, and clear career growth pathways

Responsibilities:

• Create signatures for Indusface WAS & WAF product to detect & protect Web applications vulnerabilities.
• Research evolving web attacks, CVEs, and evasion techniques targeting web apps and APIs and generate detection logic based on real-world payloads and tools.
• Build behaviour-based logic, anomaly scoring, and payload inspection for advanced threats.
• Design and prototype new WAF product security features such as: Bot, DDOS, WAAP, etc.
• Outstanding problem solving and troubleshooting skills are a must, as solutions to many problems might not be obvious.
• Drive the end-to-end release process for WAF detection updates and product features.
• Coordinate with DevOps/Release teams to validate rollout on staging and production.
• Monitor post-release impact and lead fixes for regressions or tuning issues.
• Trouble-shooting customer cases & provide timely solutions and write RCAs wherever necessary.
• Developing Security tools, automation to ease manual/repeated work to increase efficiency in providing the solution.

Candidate Profile:

5-10 years of vulnerability analysis, research and developing IPS/IDS/WAF signature writing experience.

Good understanding of:

• Firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Windows & Linux operating systems (REDHAT)
• Network security, network layers (OSI Layer-3 and Layer-4)
• Protocols like TCP/IP, DNS, HTTP, HTTPS, SSH etc.
• Network Penetration testing and techniques
• Identify and mitigate network vulnerabilities and explain how to prevent them
• Programming languages like C/C++ or Python

Hands-on experience in:

• Research on zero days,  critical vulnerabilities, exploits in wild, discover new vulns
• Web-app security  (SQL Injection, XSS, CSRF etc.), OWASP-10, SANS Top 25
• Network analysis tools like tcp dump, Wireshark, Burp suite and assisting tools like Debuggers, Hex Editors, etc.
• Crafting Regular Expressions, Verification & Validation
• Vulnerability scanners, IDS/IPS, Application Firewall, VAPT tools: Metasploit, Nessus, etc.
• Analysing existing or writing new POCs
• DOS attacks, Bot attacks, API based attacks & its exploitation/testing tools
• Experience with ML-assisted detection or behavioural security models
• Contributions to open-source security tools or research publications
• Certifications (e.g., OSWE, GWAPT, CEH, CISSP) are a plus
• Effective written and verbal communication skills.