Application Security Engineer

Clarke County, VA
Jun 18, 2019
Jun 21, 2019
Full Time
About Us: Exzeo Software Pvt. Ltd. is the IT Division (Software Development) of Homeowners Choice Inc., which is publicly held. Its common shares trade on The NYSE Global Market under the ticker symbol "HCI". Exzeo Software was opened in India with a development center in Sector 62, Noida. Exzeo Software takes pride in having a team of highly ambitious and innovative techies who love to take on challenges and always try to give their best. For more information you can visit us on

Experience: 2-4 years

Job responsibilities:
Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Android, iOS and Web.
Ability to flow from black box to gray box to white box tests.
Ability to effectively work with the engineering teams to provide technical risk assessment of technologies in networks, applications, and code reviews in the release management cycle.
Ability to perform vulnerability assessments and penetration testing, utilizing commercial and open source tools.
Perform, review and analyze security vulnerability data to identify applicability and false positives.
Conduct penetration testing in line with the Open Web Application Security Project (OWASP).
Write technical reports that include suggested resolutions for identified problem areas and perform operational risk assessment.

Required Skills and Abilities:
OWASP Top 10.
Security pen testing methodologies including automated scans and manual methods.
Tools including Burp, Nexpose, NMap, Whois, ZAP etc. are a plus.
Good hands-on experience with Linux Debian flavors and security hardening of the same.
Understanding of web servers and the HTTP 1.0/1.1 protocol.
Troubleshooting web servers like HAProxy, Apache, Nginx and other reverse proxy platforms.
Basic understanding of NodeJS, Python and Java.
TCP/IP networking including IP classes, subnets, NAT.
Understanding of the SSL handshake and certificates.
DNS and DHCP, network troubleshooting.
Remote access methods.
Backup and disaster recovery methodologies.
Network analysis tools.
Good hands-on experience using Linux Debian flavors.
Experience with security issues in cloud technologies (AWS).
Ability to grasp new technology concepts quickly.
Good documentation skills.
Ability to work in a team environment and interact with people.
Knowledge and understanding of basic information security principles.
Should be aware of the latest major application zero-day vulnerabilities.
Should be able to understand security alerts and take necessary actions accordingly.