Senior Engineer- Security Research

Bangalore
5-10 Years
Careers  »  Current Openings  »  Senior Engineer- Security Research

About Indusface:

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 6500+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.

Indusface, funded by Tata Capital Growth Fund II, is the only vendor to receive 100% customer recommendation rating three years in a row and is a global customer choice in the Gartner Peer Insights™ Web Application and API Protection (WAAP) Report 2023. Indusface is also a “Great Place to Work” 2022 Winner in the Mid-Size category in India and is PCI, ISO27001, SOC 2, GDPR certified and has been the recipient of many prestigious start-up awards.

Indusface’s Product Suite:

  • AppTrana WAAP Platform - AI-Powered, Fully Managed Application and API Protection.
  • Indusface WAS Platform - Fully Managed DAST Platform for Website, Mobile App & API Vulnerability Scanning.
  • SSL/VMC Certificates - Secure your online digital communication and build customer trust.

Why Join Us?

  • Be part of a Market Leader - Work with an industry-recognized cybersecurity company trusted by global enterprises.
  • Shape the Future - Play a pivotal role in driving innovation, partnerships, and revenue growth.
  • Fast-Paced Growth - Thrive in an agile, high-growth environment with opportunities to make a real impact.
  • Collaborate with the Best - Work alongside industry experts and thought leaders.
  • Rewards & Recognition - Competitive salary, performance-based incentives, and clear career growth pathways

Roles & Responsibilities:

  • Create signatures for Indusface WAS & WAF product to detect & protect Web applications vulnerabilities.
  • Research evolving web attacks, CVEs, and evasion techniques targeting web apps and APIs and generate detection logic based on real-world payloads and tools.
  • Build behaviour-based logic, anomaly scoring, and payload inspection for advanced threats.
  • Design and prototype new WAF product security features such as: Bot, DDOS, WAAP, etc.
  • Outstanding problem solving and troubleshooting skills are a must, as solutions to many problems might not be obvious.
  • Drive the end-to-end release process for WAF detection updates and product features.
  • Coordinate with DevOps/Release teams to validate rollout on staging and production.
  • Monitor post-release impact and lead fixes for regressions or tuning issues.
  • Trouble-shooting customer cases & provide timely solutions and write RCAs wherever necessary.
  • Developing Security tools, automation to ease manual/repeated work to increase efficiency in providing the solution.

Candidate Profile:

5-10 years of vulnerability analysis, research and developing IPS/IDS/WAF signature writing experience.

Good understanding of:

  • Firewalls, proxies, SIEM, antivirus, and IDPS concepts
  • Windows & Linux operating systems (REDHAT)
  • Network security, network layers (OSI Layer-3 and Layer-4)
  • Protocols like TCP/IP, DNS, HTTP, HTTPS, SSH etc.
  • Network Penetration testing and techniques
  • Identify and mitigate network vulnerabilities and explain how to prevent them
  • Programming languages like C/C++ or Python

Hands-on experience in:

  • Research on zero days,  critical vulnerabilities, exploits in wild, discover new vulns
  • Web-app security  (SQL Injection, XSS, CSRF etc.), OWASP-10, SANS Top 25
  • Network analysis tools like tcp dump, Wireshark, Burp suite and assisting tools like Debuggers, Hex Editors, etc.
  • Crafting Regular Expressions, Verification & Validation
  • Vulnerability scanners, IDS/IPS, Application Firewall, VAPT tools: Metasploit, Nessus, etc.
  • Analysing existing or writing new POCs
  • DOS attacks, Bot attacks, API based attacks & its exploitation/testing tools
  • Experience with ML-assisted detection or behavioural security models
  • Contributions to open-source security tools or research publications
  • Certifications (e.g., OSWE, GWAPT, CEH, CISSP) are a plus
  • Effective written and verbal communication skills.

Good to have :

  • Knowledge on Mod Security and Rule writing
  • Understanding of Lua, nginx, Apache
  • Developing security related tools/programs.
  • Knowledge on Cloud infrastructure services, Virtualization software (VMWare , Virtual PC/ Virtual Box , XEN , etc)
  • Experience in any of Java, Test NG, Linux Scripting, shell scripting, Python, Perl
  • Experience/Knowledge in Amazon Web Services
Indusface
Indusface

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.

Join us

Resume *
Invalid file type please choose a PDF or DOC

Have a friend who
would love this?

Linkedin Icon - Indusface Share with your network
Refer A Friend Program - Indusface