Description

It’s an exciting time to be at Infoblox. Named a Top 25 Cyber Security Company by The Software Report and one of Inc. magazine’s Best Workplaces for 2020, Infoblox is the leader in cloud-first networking and security services. Our solutions empower organizations to take full advantage of the cloud to deliver network experiences that are inherently simple, scalable, and reliable for everyone. Infoblox customers are among the largest enterprises in the world and include 70% of the Fortune 500, and our success depends on bright, energetic, talented people who share a passion for building the next generation of networking technologies—and having fun along the way.

We are seeking an experienced Product Security Engineer II to join our Product Security Engineering team in Bengaluru, reporting to the senior manager of Product Security Engineering. In this role, you will be crucial in leading and ensuring the security and integrity of our applications and systems. You will be responsible for identifying, assessing, and mitigating security risks and implementing robust security measures throughout the software development lifecycle. Your expertise in application security, threat modeling, and penetration testing will be essential in safeguarding our critical systems and protecting sensitive data from potential threats.

You are the ideal candidate if you are highly motivated with a keen interest in staying up to date with the latest technologies and the ever-evolving application threat landscape. You are also passionate about product security and dedicated to maintaining the highest standards.

What you’ll do, 

Perform security assessments, application security reviews, and penetration testing for SaaS services, on-prem solutions focused around DNS/DHCP protocolCollaborate with development teams to enforce secure coding practices, guidelines, and standardsEnsure integration of security requirements and threat modeling considerations into the software development lifecycle. Offer guidance and support during security-related discussions and decision-making processesProvide guidance on secure design principles and assist in addressing security issuesPlan, execute, and analyze application security testing, including penetration testing, vulnerability scanning, and code reviewsInterpret penetration test results and recommend remediation measures based on identified threatsWork closely with development teams to design and implement effective security controls like access controls, authentication mechanisms, encryption, and secure communication protocolsUtilize threat modeling outputs to guide security control selection and implementationKeep up-to-date with emerging security threats, vulnerabilities, and best practices in application security and threat modelingEducate development teams on secure coding practices, common vulnerabilities, and security best practicesConduct security training sessions and workshops to raise awareness of threat modeling concepts and foster a security-conscious culture

What you’ll bring: 

Minimum 5 years of experience in vulnerability management and penetration testing Strong knowledge of application security principles, threat modeling methodologies, and best practices Proficiency in secure coding practices, vulnerability assessment, and penetration testing methodologiesStrong development knowledge in Shell Scripts, Python or Golang is a major plus Familiarity with cloud environment like AWS, GCP, Azure and technologies like Kubernetes, Containers etc.Familiarity with common web application vulnerabilities (e.g., OWASP Web/API Top 10) and corresponding mitigation techniques. Experience with implementing and managing security testing tools and technologies, such as static analysis tools, dynamic application scanners, and penetration testing frameworksStrong understanding of secure software development lifecycle (SDLC) and ability to integrate security practices and threat modeling into agile development processes with SAST & DAST tools, including Coverity, CodeQL, SonarQube, and ContrastKnowledge of authentication, authorization, and access control mechanisms, cryptographic algorithms, and secure network communication protocolsFamiliarity with industry standards and frameworks such as ISO 27001, NIST, PCI DSS, and GDPRExcellent communication and collaboration skills, with the ability to effectively communicate technical concepts to non-technical stakeholdersRelevant certifications such as CISSP, CSSLP, CEH, OSCP, and/or OSWE are a plusGood understanding of cyber security frameworks like OWASP, SANS, NIST, CIS, etc.MS/M.tech or BS/B.tech in Computer Science or related field, or equivalent work experience required 

What success looks like: 

After six months, you will…

Understand the scope of Infoblox products, cloud infrastructure, and SaaS services that require secure code reviews and application security assessmentsReach proficiency with processes and procedures laid out for the team in delivering best-in-class product security servicesBuild knowledge and hands-on experience with cutting-edge technologies Understand the team of engineers and the current state

After about a year, you will…

Be an independent key contributor to the teamContribute to the development and implementation of a comprehensive product security framework that encompasses multi-cloud infrastructure and SaaS products and servicesIdentify and address potential vulnerabilities and threats in our products and servicesContribute to promoting a security-conscious culture within the organization, including conducting security awareness campaigns, delivering training sessions, and providing guidance to development teams on secure coding practices and threat modeling 

We’ve got you covered:

Our holistic benefits package includes coverage of your health, wealth, and wellness—as well as a great work environment, employee programs, and company culture. We offer a competitive salary and benefits package, including a 401k with company match and generous paid time off to help you balance your life. We have a strong culture and live our values every day—we believe in transparency, curiosity, respect, and above all, having fun while delighting our customers.

Why Infoblox?

We’ve created a culture that embraces diversity, equity, and inclusion and rewards innovation, curiosity, and creativity. We achieve remarkable results by working together in a supportive environment that focuses on continuous learning and embraces change. So, whether you’re a software engineer, marketing manager, customer care pro, or product specialist, you belong here, where you will have the opportunity to grow and develop your career. Check out what it’s like to be a Bloxer. We think you’ll be excited to join our team.


#LI-AS1