Loading...

Sr. Application Security Developer Engineer

Bangalore, KA, IN, 560103

Technology Office

Sophos Overview – Cybersecurity Evolved

Sophos evolves to meet every new challenge, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats. Powered by SophosLabs, our cloud-native and AI-enhanced solutions are able to adapt and evolve to secure endpoints and networks against never-before-seen cybercriminal tactics and techniques. Managed through our award-winning, cloud-based platform, Sophos Central, our best-of-breed products work together through our unique Synchronized Security system to share threat intelligence and respond to evolving threats. The Sophos suite of products secures networks and endpoints against automated and active-adversary breaches, ransomware, malware, exploits, data exfiltration, phishing, and more.

Job Purpose

As a member of the Application Security team, the Senior Application Security Engineer works closely with software engineers, architects, product management and others help integrate tools into their build/development environments to ensure consistent application of security controls across the product portfolio. This person should be familiar with Secure Development practices and have experience helping product teams adopt these activities.

We seek a top-performing technical leader with the passion, experience and gravitas to effectively lead and contribute to this critical technology function. The ideal candidate will be a high energy, team oriented, customer driven problem solver with prior experience building secure software for enterprises.

This a great opportunity to help secure a world-leading cybersecurity company. As you’d expect you’ll be joining an organization that takes security seriously. You will get the opportunity to work with some world-leading experts from across the company in a fast-paced and exciting environment where security is a priority. 

 

Main Duties

  • Roll out tools and services to all Sophos Product teams
  • Design and implement frameworks and features that are instrumental securing Sophos software and systems.
  • Guide teams in the adoption of Secure Development activities. (Training, Threat Modeling, Static/dynamic analysis)
  • Participate in planning and architecture sessions with engineering management, architects, operations, and development team leads.
  • Help teams integrate fuzzing into their test environments.
  • Help product teams move to a DevSecOps way of performing application security.  

 

Qualities:

  • Understand how vulnerabilities happen, and how to fix them at an architectural level.
  • Familiarity with static analysis security testing software. (Findbugs, Coverity, Fortify, Veracode, etc)
  • Solid understanding of Software development principles.
  • Solid understanding of fuzzing
  • Excellent analytical and troubleshooting skills and demonstrated ability to investigate and solve complex problems, including solving critical production issues in complex systems and investigating and determining root causes.
  • Technical acumen to lead the creation of both system-level and service-level designs in collaboration with other technical experts.
  • Familiarity with Threat Modeling and Secure Development in general.
  • Understanding of how to build tools, frameworks and services that will be consumed by other development teams.
  • Penchant for automating everything, and in particular, experience tackling the challenges associated with building frameworks for, automating deployments to and monitoring and maintaining the health of cloud platforms.
  • Understanding of common standards / processes / tools and the ability to leverage them where possible.
  • Excellent in verbal and written communication, and able to constructively discuss and convey differing ideas, approaches, and perspectives, particularly in written communications.
  • Eagerness to learn the world of Internet security and the Sophos product suite.
  • Occasionally required to be available out-of-hours. 

 

Skills & Experience

Essential:

  • Solid understanding of common vulnerabilities (OWASP top 10, SANS top 25)
  • Strong scripting skills to help integration of tools and other systems
  • Strong Linux/Unix systems experience
  • Exceptionally strong written and verbal communications skills, as well as good interpersonal and organization skills
  • Strong understanding of build environments and source code management systems.
  • Team Player 

 

Desirable:

  • Experience with Agile Software Development methodologies 
  • Experience working with CI/CI pipeline tools like Jenkins, Terraform, etc
  • Experience presenting research material at security conferences. 
  • Contributions to open-source security projects and/or publications. 

 

Equal Opportunities

Sophos is committed to equality opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.

 

 

If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos.  If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights.  If you have any questions about Sophos’ data protection practices, please contact dataprotection@sophos.com.

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.