Senior Analyst - Software Security
We are hiring Software Security - Senior Analyst for our client based at Gurgaon.
Job Overview:
We are seeking an experienced and technically hands-on Senior Analyst, Software Security. This role requires someone who can work directly with Company software engineering teams to review, assess, and analyze software/code for security vulnerabilities and identification of appropriate security controls required to protect software and systems from cyber threats. This role reports to the Director Cybersecurity and collaborates with internal and external stakeholder groups to ensure compliance with Company, regulator, and industry security requirements.
Qualifications:
- Bachelor's degree in computer science, information technology/security or a related field.
- 6+ years of relevant hands-on work experience in Software Security, including use of security testing tools, code reviews, and vulnerability assessments/management.
- Strong understanding of secure software development principles and practices, including security controls, vulnerabilities and exploits, and risk assessments.
- Familiarity with automotive software engineering, including embedded systems and communication protocols.
- Familiarity with cybersecurity standards such as ISO 2700X, ISO 21434, OWASP, NIST SP 800-XX, etc.
- Excellent written and verbal communication and interpersonal skills to effectively collaborate with cross-functional teams.
- Proven ability to lead and manage complex projects from conception to completion.
- Ability to present ideas in a clear and concise manner.
- CEH, OCSP, or other relevant industry certifications preferred.
Technical Requirements:
- In-depth knowledge of Software Security controls, including encryption, access controls, authentication methods, etc.
- Deep understanding of common software vulnerabilities (e.g., SQL injection, XSS, CSRF, etc.).
- Experience with programming languages and frameworks commonly used in modern applications (e.g., Java, Python, C/C++).
- Proficiency in Software Security testing methodologies (e.g., OWASP Top 10) and tools (e.g., Burp Suite, Nessus, Metasploit, SAST/DAST).