YASH Technologies

Consultant - Application Security Job

YASH Technologies  •  Bengaluru, IN (Onsite)  •  3 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

JD:

  • Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
  • Engineering Consulting – Serving as a “best friend” to software engineers, architects, product owners, and leaders, provide contextually-aware guidance to help these groups make good decisions when implementing new features and remediating existing issues.
  • Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process.
  • Security Test Onboarding & Management – Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process.
  • Maturity Measurement – Consulting with software engineers on practices which will improve their application’s security maturity according to scorecards and maturity models established by Cat Digital.
  • Correction of Error – Authoring, in close partnership with software engineers, correction of error reports which help engineers and architects across Cat Digital avoid similar mistakes in their own applications.

Basic Qualifications

Two of three:

  • 5+ years of experience as a software engineer (in any language or framework) or software engineering manager
  • 5+ years of experience as a software development-focused cybersecurity professional
  • 5+ years of experience working on a major cloud platform (AWS, Azure, GCP, or Salesforce) as a software engineer, cloud/DevOps engineer, security engineer, or architect.

As well as:

  1. Experience analyzing and remediating security findings from automated and manual sources such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), penetration testing, Software Composition Analysis (SCA), etc.
  2. Experience leveraging one or more of the following resources to support secure coding and decision-making:
  1. OWASP Top 10
  2. MITRE Common Weakness Enumeration (CWE) Top 25
  3. OWASP Application Security Verification Standard (ASVS)
  4. Other industry-standard best practice guides or frameworks
  1. Experience building or supporting web applications and API’s including Single Page Applications (SPA) and RESTful API’s.
  2. Proficiency in one or more programming languages.

Candidates must also demonstrate the following attributes:

  • Decision-Making Ability – Our engineers make sound, justifiable, customer-first decisions to determine which security issues to raise to software engineers/leaders and support work prioritization decisions.
  • Strong Communication – Our engineers relate complex technical concepts to non-technical audiences and technical audiences without a security background. Additionally, the Cat Digital team spans the globe, and our engineers must collaborate effectively with engineers from a number of locations and cultural backgrounds.
  • Active Participation – Software engineering is not a “spectator sport”. The input and experience our engineers bring to the table are valued and should be shared freely. Similarly, engineers are relied upon to complete complex assignments at a high level of quality with limited supervision.
YASH Technologies

About YASH Technologies

YASH Technologies is a consulting-led transformation partner with a proven track record of helping customers address their current and prospective digital transformation challenges. Recognized as "Large enough to transform and small enough to care," our customer-centricity and robust value systems have helped us earn the trust of our clients globally and enabled us to be the "Digital Partner of choice" of 75+ global F500 companies. We combine battle-tested consulting, technology, advisory, and outsourcing services capabilities "Glocally" with a consultative & value-centric approach to enable clients to achieve unprecedented performance and revenue growth at optimized costs. We are incredibly passionate about our mission - driving customer success, engaging with our associates, and giving back to the communities in which we live. We have fostered an environment that empowers associates and allows them to actualize themselves while enabling them to deliver exceptional experiences to our customers and partners.

We deeply treasure the trust evolve as an organization to bring our business, industry, and technology experience to develop and optimize innovative business-driven technology solutions for our customers. Regarding our vision, mission and values, YASH is focused on building long-term relationships and working with clients as an extended team. As such, YASH has created a culture where people feel empowered to make a difference; where every YASHian is passionate about innovation and collaboration; and where we take care of each other, our clients, our partners, and our communities just because it is the right thing to do.

Industry
IT & Software
Company Size
5,001-10,000 employees
Headquarters
East Moline, IL
Year Founded
1996
Website
yash.com
Social Media