Job Description
MoEngage is an insights-led customer engagement platform, trusted by 1,200+ global consumer brands. As a Great Place to Work Company we are a young, fast-paced and intelligent customer engagement platform that fosters a culture of innovation, ownership, freedom, and fun while building future-ready technology products. Sitting at a conflux of diverse technologies like Artificial Intelligence, Big Data, Web & Mobile platforms, MoEngage technology analyzes billions of data points generated by customers and their devices in order to predict their behavior and engage them at every touchpoint throughout their lifecycle with personalized communication.
In just eight years since our inception, we have worked with leading Fortune 500 brands such as Deutsche Telekom, Samsung, Ally Financial, Vodafone, and McAfee along with internet-first brands such as Flipkart, Ola, OYO, Bigbasket, and Sharechat, with a global presence that encompasses 35 countries. We currently have offices in San Francisco, Boston, London, Dubai, Ho Chi Minh city, Bangkok, Kuala Lumpur, Singapore, Sydney, Vietnam, Berlin, Jakarta, and Bengaluru.
The care we give to our customers is quite high! Our achievement of top service and support ratings in Gartner's Magic Quadrant, Gartner Peer Insights, and G2 Summer Reports is a testament to that. Another commendable quality is our people-centric culture, as we have recently been included in Battery Ventures' top 25 private cloud computing companies. As recognized by the DivHERsity Awards, we are one of the top 20 diversity companies in the world, while the Economics Times names us as one of the Top Organizations for Women.
Key Skills: Product Security, Application Security Testing, Secure SDLC, Secure code review, Application Security, Threat Modeling, OWASP Top10 , Years of Experience: 5-8 yearsDoes this sound like you?
You enjoy solving challenging technical problems.
You have an experience that shows breadth and depth of security knowledge. You
are strong in multiple domains of software security.
You know how to work as a partner with product teams and give them the advantage
of your security experience.
You recognize, adopt, use, and recommend best practices in security engineering.
You work ceaselessly to improve your knowledge of the security threat landscape and
of technologies that enable new forms of attack and defense.
You are an effective communicator who engages well with technical and
non-technical audiences alike.
Skills that you would need:
Ability to implement and drive information and data security initiatives for MoEngage SaaS Application.
Understanding of security by design principles and architecture level security concepts and ability to promote secure design principles and a security-focused outlook across a large organization.
Exposure to multiple security engineering disciplines such as application security, secure software development, cryptography, network security, system security, and security policy.
Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25
The desire to solve security challenges at scale, and work on securing the next generation of applications powering the most sophisticated customer engagement platform ever built.
Experience in providing practical solutions that enable product and architecture teams to meet business goals while controlling security risk.
Ability to solve problems at their root and step back to understand the broader context.
Deep understanding of the interplay between attack and defense. Familiarity with current network security and application security tools and how to apply them.
Good understanding of information security policies, practices, and standards.
As a Security Lead, you will:
Drive various application security initiatives to perform end-to-end security reviews to ensure critical information is appropriately protected. Identify security vulnerabilities and risks, and develop mitigation plans.
Provide security architecture and design consultations to product teams, to help them build applications that are secure from the start.
Promote secure design principles and a security-focused outlook across a large organization.
Evaluate and recommend new and emerging security technologies for use inside and outside the security organization.
Produce creative and inventive solutions for large problems. Participate in projects that develop new intellectual property.
Be an advocate for customer trust.
Perform regular VA/PT for web, API and SDK
Identify process gaps in our application security pentesting and vulnerability
Management.
Own and implement recommendations and fixes.
Requirements:
Bachelor's degree in computer science, computer engineering.
5 to 8 years of experience in the application security domain.
Detailed technical knowledge and conceptual understanding of Application Security
Concepts, tools and practices.
Exposure of medium to advanced level of hands on implementation of SAST, SCA
tools
Good to have experience in Secure Code Assessment, Dynamic Assessment,
Software Composition Analysis and risk identification.
Good to have experience in security vulnerability assessments and remediation
techniques.
Thorough understanding of OWASP Top 10, their attack & defense mechanisms
(XSS, SQLi, CSP, CORS, SSRF)
Understanding of different AuthN/AuthZ frameworks ( oAuth, SAML)
Should be familiar with common tools (Postman, Burpsuite, etc )