Swiggy
Swiggy - Lead Security Engineer - VAPT
Job Location
Bangalore, India
Job Description
Job Profile : Software Development Engineer III - Security Engineering
Location : Bangalore | Karnataka
Years of Experience : 6 - 8yrs

About the Team & The Role :

Swiggy is looking for a skilled, motivated, and collaborative Lead Security Engineer with a strong security mindset to join our Security team. In this role, you will serve as an expert and mentor to team members. You will be a strong communicator and influencer, showing curiosity to learn and understand the business.

What will you get to do here?

Code Security :
- Code Obfuscation : Implement tools like Proguard to prevent reverse engineering for mobile apps.
- Secure Coding Practices : Follow best practices to avoid common vulnerabilities, conduct regular security scans, and address new vulnerabilities.
- Third-Party SDKs/Libraries : Ensure compliance with license policies, identify security risks, and manage updates.
- Error Handling : Properly handle errors to avoid disclosing sensitive information and ensure debug logs are not included in production.

Authentication and Authorization :
- API Access Protection : Define, validate, and enforce the policies for secure access to API endpoints.
- Secure Testing/Debugging : Ensure that secure pages are well-protected and credentials are regularly rotated.

Device Security :
- Root/Jailbreak Detection : Detect and respond to rooted or jailbroken devices.
- Secure Storage Solutions : Use OS-provided secure storage options.

App Distribution Security :
- Monitoring for Piracy : Detect and prevent the distribution of pirated app versions.

User Privacy :
- Permission Management : Validate that we request only necessary permissions and explain their necessity.
- Data Minimization : Validate that we collect only necessary data and ensure it's correctly documented in privacy policies.
- Data Leak preventions : Ensure that we don't leak sensitive user data in logs, analytics, dashboards etc.

Threat Detection and Response :
- Runtime Application Self-Protection (RASP) : Detect and respond to threats in real-time.
- Incident Response : Quickly analyze and respond to security incidents, handling bot traffic and fraudulent cases effectively.
- Security Incident Patterns : Identify hacking patterns and implement protective rules.

Compliance and Legal Requirements :
- Regulations : Ensure compliance with data protection regulations (e.g., GDPR).
- Industry Standards : Adhere to industry-specific security standards and perform regular VAPT (Vulnerability Assessment and Penetration Testing).

Regular Security Testing :
- Penetration Testing : Conduct regular assessments to identify and fix vulnerabilities.
- Static and Dynamic Analysis : Use tools for comprehensive code analysis.
- Code Reviews : Regularly review code for security vulnerabilities.

Security Training :
- Developer Training : Educate developers on secure coding practices and raise security awareness.
- Builds and Executes Organizational Roadmaps : Plans and implements comprehensive security roadmaps.

What qualities are we looking for?
- 6 - 8 years minimum of Security Experience Required.
- Bachelor's in Computer Science, Information Security, or a related field.
- Proven Infra, Mobile application, and API security experience.
- Proficiency in CIS (Center for Internet Security) standards implementation and interpretation.
- Knowledge and understanding of security standards, security configuration reviews, secure architecture and cloud security.
- Secure coding, encryption, threat modeling, and security tools.

(ref:hirist.tech)
Location: Bangalore, IN
Posted Date: 11/25/2024
Contact Information
Contact: Human Resources, Swiggy