Application Security Engineer II

3 days ago

Hyderābād, Sindh, Pakistan Zeta Full time $80,000 - $120,000 per year
About Zeta
Zeta is a Next-Gen Banking Tech company that empowers banks and fintechs to launch banking products for the future. It was founded by Bhavin Turakhia and Ramki Gaddipati in 2015. Our flagship processing platform - Zeta Tachyon - is the industry's first modern, cloud-native, and fully API-enabled stack that brings together issuance, processing, lending, core banking, fraud & risk, and many more capabilities as a single-vendor stack. 20M+ cards have been issued on our platform globally. Zeta is actively working with the largest Banks and Fintechs in multiple global markets transforming customer experience for multi-million card portfolios. Zeta has over 1700+ employees - with over 70% roles in R&D - across locations in the US, EMEA, and Asia. We raised $280 million at a $1.5 billion valuation from Softbank, Mastercard, and other investors in 2021. Learn more @ , , Linkedin, Twitter  About the Role
  • This role is part of the RIsk & Compliance Team, Engineering division of Zeta. The Application Security Engineer is responsible to secure all mobile & web applications along with API's by breaking and hacking them and educating Developers as well as DevOps teams on how to fix them. The objective is to make zeta applications and platforms secure. As Application Security Engineer of the Product Security sub-division, you will be responsible for securing all the Zeta's Products. You will be working as an individual contributor reporting to a manager. 
  • Perform regular VA/PT for Web & Mobile applications, API & Infrastructure
  • Guide developers in fixing security issues.
  • Regular code reviews
  • Involve in application design discussions.
  • Perform Threat Modelling of Web/Mobile applications.
  • Develop secure code practices and educate dev and QA engineers by building security standards, policies for secure coding, secure data handling, secure networking, secure crypto implementation, etc.
  • Evaluate & Integrate security testing tools (SAST, DAST,SCA) in to CI/CD pipelines.
Responsibilities
  • Guide the technology organization's security and privacy initiatives by participating in design reviews and threat modeling.
  • The applications are developed by the developers and product managers, and you will make sure the applications are secured and hardened.
  • You will define the scope and ensure continuous adherence to the scope of projects at each phase (initiation to sustenance/maintenance phase).
  • You will be responsible for creating visibility, and adoption of the projects meant for internal customers.
  • Act as a security engineering expert and technical champion within Zeta.
  • Assess gaps, and tools to improve application security
  • Liasioning with all external and internal stakeholders for the team.
  • Mentoring developers and QA.
  • Evaluate bugs reported through the Bug Bounty program.
  • Run security posture of various applications across BU's.
  • Continuous improvement of web/mobile application security
  • Quarterly VA/PT (internal/external, authenticate/non-authenticated) for mobile/web.
  • Secure configuration of Web/Mobile application, DB, Data etc.
Skills
  • Hands on VA/PT experience in Web, Mobile, API & Network
  • Thorough understanding of OWASP Top 10, their attack & defence mechanisms
  • Exposure to Secure SDLC Activities, Threat Modelling & Secure Coding
  • Experience on both commercial and open source tools like Burpsuite, AppScan, OWASP ZAP, BEEF, MetaSploit, Qualys, Nessus, Synk etc.
  • Identifying & exploiting business logic-related vulnerabilities.
  • Solid understanding of Cryptography, knowledge of PKI-based systems, TLS
  • Understanding of different AuthN/AuthZ frameworks (OIDC, oAuth, SAML) able to read/write/understand java code
  • Performed Static Analysis, Code reviews using tools like Snyk, Veracode, Checkmarx, Sonarqube etc.
  • Hands on Reversing mobile applications, class/small files, data obfuscators, or ciphers (Dex2jar, adb, Drozer, Clang, iMAS) and Dynamic Instrumentation tools like Frida/Objection
  • Execute penetration tests and security assessments on internal and external networks, Windows and Linux environments, cloud (AWS) Infrastructure.
  • Identify and exploit incorrect configurations and security vulnerabilities on Windows and Linux servers. Safely utilize tools, tactics, and procedures used in penetration testing engagements.
  • Shell scripting or automation of simple tasks using Python, or Ruby
  • Knowledge of PA-DSS, PCI SSF (S3, SSLC) etc.
  • Knowledge of security standards like PCI DSS, UIDAI, GDPR, NIST etc.
  • Understanding of Java Frameworks like Springboot, CI/CD, Jenkins.
  • In-depth understanding of production operations on public cloud infrastructure.
  • Excellent written and oral communication and a penchant for technical documentation.
  • Must have participated in various bug bounty programs (HackerOne, Bug Crowd, Private etc)
  • Experience in conducting hackathons and CTF's
  • Knowledge of AWS/Azure (VPC/Vnet, S3 buckets, blob stores, LoadBalancers etc.), Dockers & Containers, Kubernetes
  • Good understanding of agile development practices.
  • Certifications like OSCP(Preferred), GWAPT, Advanced Web Attacks and Exploitation (AWAE), Comptia Security+
  • Knowledge of Databases - Postgresql, Redshift, My SQL etc. and other data stores like Elasticsearch and S3 buckets.
Experience and Qualifications
  • 2+ years of experience in developing large scale internet or SaaS applications.
  • 2 to 3 years of overall experience as Web/Mobile Application Security engineer or Developer in medium to large-sized product companies. · Bachelor of Technology (BE/B.Tech), M.Tech or ME in Computer Science or equivalent from a Tier-1 engineering college/university
Equal Opportunity
Zeta is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all backgrounds, cultures, and communities to apply and believe that a diverse workforce is key to our success

  • Senior Application Security Engineer

    3 days ago

    Hyderābād, Sindh, Pakistan Backbase Full time 1,500,000 - 3,000,000 per year

    The job in shortNo day at Backbase is the same, and even more so for our security engineers. We all know that security and banking need to go hand in hand and with hackers and tech evolving by the day, you'll need to stay on your toes and ahead of the game.Your core responsibility is to guide and support the developer teams in delivering and  deploying...

  • Principal AI Application Security Engineer

    3 days ago

    Hyderābād, Sindh, Pakistan Backbase Full time 1,200,000 - 2,400,000 per year

    Principal AI Application Security EngineerThe job in short: keep millions of users and their banking data safe and secure.No day at Backbase is the same, and even more so for our security engineers. We all know that security and banking need to go hand in hand and with hackers and tech evolving by the day, you'll need to stay on your toes and ahead of the...

  • Principal AI Application Security Engineer

    3 days ago

    Hyderābād, Sindh, Pakistan Backbase Full time $120,000 - $200,000 per year

    keep millions of users and their banking data safe and secure.No day at Backbase is the same, and even more so for our security engineers. We all know that security and banking need to go hand in hand and with hackers and tech evolving by the day, you'll need to stay on your toes and ahead of the game.Your core responsibility is to ensure the delivery of...

  • Manager - Application & Product Security

    3 days ago

    Hyderābād, Sindh, Pakistan Zeta Full time $120,000 - $180,000 per year

    About Zeta Zeta is a Next-Gen Banking Tech company that empowers banks and fintechs to launch banking products for the future. It was founded by Bhavin Turakhia and Ramki Gaddipati in 2015. Our flagship processing platform - Zeta Tachyon - is the industry's first modern, cloud-native, and fully API-enabled stack that brings together issuance, processing,...

  • Statistical Programming II

    1 week ago

    Hyderābād, Sindh, Pakistan Capgemini Engineering Full time 1,200,000 - 3,600,000 per year

    Choosing Capgemini means choosing a place where you'll be empowered to shape your career, supported by a collaborative global community, and inspired to reimagine what's possible. Join us in helping leading healthcare and life sciences organizations unlock the value of data and drive evidence-based, impactful research.Your RoleAs a Statistical Programmer II...

  • Security Engineer III

    3 days ago

    Hyderābād, Sindh, Pakistan F5 Full time

    At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.Everything we do centers around...

  • Engineer II-QA Automation

    2 weeks ago

    Hyderābād, Sindh, Pakistan Ryan, LLC Full time $40,000 - $80,000 per year

    Why Ryan?Global Award-Winning CultureFlexible Work EnvironmentGenerous Paid Time OffWorld-Class Benefits and CompensationRapid Growth OpportunitiesCompany Sponsored Two-Way TransportationExponential Career GrowthWe are seeking a QA Automation Engineer - II to contribute to the quality, reliability, and performance of enterprise applications through a strong...

  • Cyber Security Analyst

    3 days ago

    Hyderābād, Sindh, Pakistan UltraViolet Cyber Full time $40,000 - $80,000 per year

    Cyber Security Analyst UltraViolet Cyber is seeking a Cyber Security Analyst to add to our existing team. Primary responsibilities will require: (i) in-depth analysis of intrusions in diverse computing environments; (ii) thorough packet analyses; (iii) implementing/optimizing changes to security infrastructure; (iv) integrating threat intelligence into the...

  • Network security Engineer

    1 week ago

    Hyderābād, Sindh, Pakistan Tata Consultancy Services (TCS) Full time 500,000 - 1,500,000 per year

    Role: Network security engineerLocation: Hyderabad, Chennai, Bangalore, Pune, NoidaJob Description:Provide day to day operational support for the Firewall Management Service.Responsible for the design, planning, implementation, and operation of firewall setups and management.Your role involves resolving operational incidents, managing firewall security...

  • Engineer II-Full Stack

    2 weeks ago

    Hyderābād, Sindh, Pakistan Ryan, LLC Full time 1,200,000 - 3,600,000 per year

    Why Ryan?Global Award-Winning CultureFlexible Work EnvironmentGenerous Paid Time OffWorld-Class Benefits and CompensationRapid Growth OpportunitiesCompany Sponsored Two-Way TransportationExponential Career GrowthAs a Software Engineer II you will build customer-facing products and internal platforms that power our business, working in a modern stack that...