Security Engineer / Senior Security Engineer
Pune, Maharashtra, India · Remote
Posted on Monday, January 31, 2022
• Salary Range: (₹10 Lacs to ₹25 Lacs) + Bonuses + Healthcare + Professional Development Budget
• Bonus: Up to 10% of annual salary
• Work Hours & Location: 40 hours/week and Remote Working
• Healthcare (no health check required):
• First 2 years - 2 lacs cover for you, spouse, and children
• After 2 years - 5 lacs cover with the inclusion of parents
We are looking for
Application security engineers to take on the application security projects entrusted to us by our clients. We have well-defined skill levels (L1 through L6) for which we recruit candidates and also use those skill levels to create career progression paths for the engineers. Please carefully review the levels below and specify the level which best describes your current skills on the next page.
Security Engineer (Levels L1 to L3)
L1 engineers will be expected to use our standardized web-application test plan to provide depth and breadth coverage on client web-applications and API services where they are generally paired with more experienced engineers on projects. They are also expected to start learning how to write good reports for basic security issues. They are expected to graduate to the next level within 12 months of starting this role.
L2 engineers should first meet the requirements for an L1 engineer and also be capable of performing Basic Network Scans, AWS Cloud Configuration reviews, basic Android app testing, and should be able to write quality reports for all types of issues as well as final reports for clients. They should also have any one of these additional skills:
• Basic iOS Testing
• GCP Cloud Config Review
• Azure Cloud Config Review
L2 engineers will also be expected to contribute to internal skills improvement programs and knowledge sharing sessions. They are also expected to attend report read-out calls to gain experience in client expectations. They are expected to graduate to the next level within 12 months of starting the role which requires completing an OSCP (or approved equivalent) certification.
L3 engineers should have a minimum of 2 years of professional experience and be capable of performing advanced testing on both Android and iOS projects. They should also be capable of performing Advanced Network Assessments and basic testing of Thick-Client applications. In addition to writing reports, they will also be expected to peer-review reports from other engineers as well as help junior engineers with their reporting.
L3 engineers are expected to actively participate in report read-out calls with clients and they are expected to graduate to the next role within 2 years of starting this role.
Senior Security Engineer (Levels L4 to L6)
L4 engineers are expected to lead teams during web and mobile application projects and should be capable of fully assessing all web, mobile, and thick-client applications. They should also be capable of performing full network assessments, cloud configuration reviews, and container configuration reviews, and also be able to review source code in two widely used languages. They are required to have completed certifications for the GCP, AWS, and Azure cloud platforms.
L4 engineers are expected to lead kick-off calls with clients as well as lead final report read-out calls and act as the trusted advisor for the client. They are expected to graduate to the next role within 24 months of starting this role.
L5 engineers are highly experienced Senior Security Engineers who also know how to perform Threat Modeling for client solutions and can review source code in multiple languages.
L6 engineers are considered consistent leaders who can be counted on to always deliver quality to our clients. They may or may not have additional technical qualifications over an L5 engineer but their experience with client projects and leading other engineers sets them apart.
About Security Innovation
Security Innovation is a software security company with offices in Seattle, Boston, and Pune. We work with many different companies to help them build secure software through penetration testing, code review, training, and educational security products. We’re a team of passionate Security Engineers and Developers who love what they do. We perform security testing, code review, and design review; we are leaders in security research, go to security conferences, and have lots of time for professional development. We develop an incredible open security training range called CMD+CTRL.