Application Security Engineer- India Remote

Location: IN

Company: WIRmachenDRUCK

Do you enjoy working with the latest tech and rolling up your sleeves to help organizations achieve their goals in the cloud, on-premises and everywhere in between? If so, read on!

Who We Are

Cimpress is the world leader in mass customization. You’ve probably heard of our brands, Including WIRmachenDRUCK, Vista, Printdeal, Druck.at, National Pen, Pixartprinting Exaprint, Tradeprint, EasyFlyer, BuildaSign and others.

WIRmachenDRUCK – as part of Cimpress - is looking for a (Senior) Application Security Engineer to support and coordinate our development teams in terms of application security as well help to continuously develop our Secure Software Development Lifecycle (SSDLC).

In this role, as part of WIRmachenDRUCK central security team, you will work with our development community to develop and implement secure coding practices. You will be shaping our security vision and have a tangible impact on a large and ever-increasing number of developers.

This is an excellent opportunity for individuals looking to significantly impact an exciting, highly creative, and ever-evolving culture. Join us and make your mark!

What You Will Do

As a (Senior) Application Security Engineer, you will provide the architectural expertise to ensure robust and resilient software. You will also have a critical role in ensuring we are providing the proper training, development frameworks, enabling our developers the

freedom to experiment and take informed decisions when trying new things. We’re seeking someone passionate about software development and looking for opportunities to improve it.

Your Qualifications

At WIRmachenDRUCK, we value the experiences that individual team members add to our culture. Please don't hesitate to apply even if you don't meet the exact qualifications, we look forward to learning more about you!

• Excellent verbal and written communication skills for presenting solutions and sharing knowledge.

• 3 - 5 years of experience as a software engineer & developer with hands-on experience in penetration testing of enterprise level software products.

• Application Security & Penetration testing Experience

  • Perform penetration tests on web applications, network devices, cloud infrastructures, web-services (REST and Swagger).

  • Design and conduct simulated social engineering attacks

  • Research and experiment with different types of attacks

  • Develop & automate methodologies for penetration testing

  • Automate common testing techniques to improve efficiency

  • Write reports on penetration tests; help fix and verify vulnerabilities.

  • Analyze external vulnerability reports & pen-testing reports, security scans, and penetration tests, coordinate fixes.

  • Participate in security design discussions.

  • Stay updated on vulnerabilities, attack methods, and security trends.

  • Troubleshoot, debug, and upgrade existing gaps in security features of the applications.

  • Identify and fix security vulnerabilities in code.

• Security Practices and Implementation Experience

  • Analyze bug reports, security scans, and penetration tests & coordinate fixes.

  • Monitor, assess and respond to security incidents.

  • Conduct workshops and training on penetration testing for microservices, database & web app.

• Technical Skills and Knowledge

  • Experience with the AWS, LAMP stack (Linux, Apache, MySQL, PHP), Node.js (MERN stack/MEAN stack), Docker, Kubernetes, Bitbucket CI, etc.

  • Security testing tools such as Burp Suite, Nessus, SQLmap, Arachni, OWASP ZAP, MSF, Offensive Security distributions, Nmap, others.

  • Programming languages, especially for scripting (PHP, MySQL, BASH, Nodejs, HTML)

  • Certifications such as CEH, CISSP, OSCP, CPENT, others.

Nice to Have

• Broad awareness of security engineering concepts and practices across all phases of the software development lifecycle

• Knowledge of all kinds of security related protocols and standards (TLS, OAUTH)

• Knowledge of risk and security frameworks and standards (ISO 27001, NIST CSF, FAIR)

• Familiarity with the tools for various security activities: SCA, SAST/DAST as well as best-practice documents like OWASP Top 20

Why You'll Love Working Here

Being at WIRmachenDRUCK means that you don’t see work as just a building, a desk or a manufacturing floor. You see it as a chance to take a step forward in your career journey – and your life. We strive to give you everything you need to learn, grow, and succeed.

Through innovation, collaboration, and perpetual exposure to what’s next, we’re always pushing boundaries and broadening our horizons. We embrace the chance to operate outside of our comfort zone to discover what we’re capable of. Some might call that a challenge; we just call it another great day at work.

We're Remote-First

In 2020, WIRmachenDRUCK adopted a Remote-First operating model and culture. We heard from our team members that having the freedom, autonomy and trust in each other to work from home and, the ability to operate when they are most productive, empowers them to be their best. WIRmachenDRUCK also provides collaboration spaces for team members to work physically together when it's safe to do so and when in-person collaboration will deliver the best results.

Equal Opportunity Employer

WIRmachenDRUCK, a Cimpress company, is an Equal Employment Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, sex, national or ethnic origin, nationality, age, religion, citizenship, disability, medical condition, sexual orientation, gender identity, gender presentation, legal or preferred name, marital status, pregnancy, family structure, veteran status or any other basis protected by human rights laws or regulations. This list is not exhaustive and, in fact, in many cases, we strive to do more than the law requires.