Phenom People is looking for a Principal Engineer - Application Security to join our Engineering team in Hyderabad, Telangana, India.
As a Principal Engineer - Application Security, you will be responsible for developing and maintaining secure applications and systems. This includes designing, developing, and implementing security solutions, as well as providing guidance and support to other engineers.
- Design, develop, and implement security solutions for applications and systems
- Monitor and analyze security threats and vulnerabilities
- Develop and maintain secure coding practices
- Research and recommend security solutions
- Develop and maintain security policies and procedures
- Provide guidance and support to other engineers
- Stay up to date with the latest security trends and technologies
- Bachelor's degree in Computer Science, Information Security, or related field
- 5+ years of experience in application security
- Experience with secure coding practices
- Knowledge of security standards and best practices
- Knowledge of security tools and technologies
- Excellent problem-solving and communication skills
- Ability to work independently and as part of a team
● Bachelor’s degree or higher in a related field
● 6+ years of hands-on technical expertise in Application Security Architecture, automation, integration, and deployment (DevSecOps).
● Experience with Cloud environments, security controls, and corresponding cybersecurity challenges.
● Experience implementing, managing, and supporting a vulnerability management program (process and technology) in Agile environments.
● Coding experience in scripting and programming languages (such as Terraform, Java, Python, Ruby, etc.).
● Experience and knowledge of implementing a DevSecOps ecosystem, and a strong understanding of Dynamic and Static Application Security Testing (DAST & SAST) and of infrastructure automation/development utilizing APIs.
● Experience working with threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks and standards (e.g., OWASP, CVSS, CWE).
● Understanding of global frameworks and standards like NIST, ISO 27001/27002/27017/27018, GDPR, etc.