Associate - Application Security Specialist
- Not Specified
- Gurgaon, Haryana, India
- Permanent, Full time
- 19 Jan 19
About BlackRock
BlackRock helps investors build better financial futures. As a fiduciary to our clients, we provide the investment and technology solutions they need when planning for their most important goals. As of September 30, 2018, the firm managed approximately $6.44 trillion in assets on behalf of investors worldwide. For additional information on BlackRock, please visit www.blackrock.com | Twitter: @blackrock | Blog: www.blackrockblog.com | LinkedIn: www.linkedin.com/company/blackrock.
The Application Security team acts as a trusted assessor and risk advisor for the application development teams. The team comprises junior and senior security engineers with expertise in application security and penetration testing, and is the go-to team for anyone who needs an attacker's perspective on a technology. Your colleagues will be individuals who are passionate about technology and stay current with new attacks, vulnerabilities and security technologies. The Application Security team is part of the Global Information Security (GIS) Team within the Technology and Operations umbrella, and works with the numerous software development teams on issues relating to application security.
The key responsibilities of the role are as follows:
- Individual contributor responsible for performing penetration tests and reviewing the security of the source code & libraries
- Be able to understand and assess application risks and mitigation methods or compensating controls
- Engage with development teams and/or senior management across various teams to influence efficient and effective fixes for application vulnerabilities
- Validate if the issues are fixed and work with the developers to suggest good ways to fix issues
- Engage with vendors, understand the issues reported in their assessments, and retest them
- Review and own the issues from Static Analysis and Interactive application security testing tools
- Create a software source code review process that is a part of the development cycles (SDLC, Agile, CI/CD)
- Educate the developers on the vulnerabilities that are found and translate the vulnerabilities into business risks
- Familiar with tools such as Bugzilla, JIRA, Issue trackers, GitHub, SVN, IDEs such as eclipse/IntelliJ and build tools such as Ant, etc.
- Contribute to the Software Security Standards with commonly found vulnerabilities
- Present a quarterly state of source code security to the CISO and a bi-annual educational session of commonly seen vulnerabilities for the development teams
- Create proofs of concept to validate fixes or to show developers how certain vulnerabilities can be exploited
- Create static code analysis tooling where off-the-shelf automated tools do not fit
Experience (4-7 years)
- B.Tech/M.Tech in Computer Science, Information Security, or a related field
- 4+ years of work experience as source code reviewer or code analyzer
- 4+ years of security, in an Application Risk Analysis or Information Security role
- Relevant certifications are a plus (e.g., OSCP, OSCE, OSEE, SANS Certifications)
- Network and application Penetration Testing experience
- Strong manual code review skills in Java, C/C++, Python and Perl
- Understand the essentials of cryptography, operating systems, network security and application security, including working knowledge of gcc, Java, Perl and Python
- Familiarity with tools such as Veracode, Fortify, Contrast, CheckMarx, Coverity, FindBugs, BurpSuite, Kali Linux etc.
- Understanding of the security of web applications, thick-client applications, RESTful web services, virtualization, Docker, Kubernetes, etc.
- Proficiency in English for written and verbal communication
- Ability to multitask and be able to juggle different tasks with ease
Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above.
BlackRock is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law.
BlackRock will consider for employment qualified applicants with arrest or conviction records in a manner consistent with the requirements of the law, including any applicable fair chance law.