Security Researcher
Open position
Bangalore
3-5 years
Responsibilities:
We are on the lookout for a talented individual who is passionate about Vulnerability Analysis & Signature Development to work on our Web Security products. The individual will be joining a team with a proven track record in Bangalore India and be a part of our Suite of Products Unit. Primary focus of this role is to develop Scanner & WAF signatures delivered to customers regularly.Job Description:
- Create signatures for Indusface WAS & WAF products to detect & protect from Web application vulnerabilities.
- Reproducing vulnerabilities to understand the working of an exploit, etc. on need basis to verify existing WAS/WAF coverage.
- Research the advanced threat landscape, emerging trends of vulnerabilities, attacks, etc. and translate it into actionable foundational insights and opportunity areas to enhance scanner/WAF vulnerability coverage.
- Problem solving and troubleshooting skills are a must, as solutions to many problems might not be obvious.
- Develop tools for the automation of security processes using Python, PERL, PowerShell, etc.
- Collaborate with engineering teams to support/maintain/design backend applications and other operational platforms
Candidate Profile:
3+ years of experience in the area of information security with strong understanding of security basics, network vulnerabilities and analysing/developing IPS/IDS/WAF signatures.
- Good understanding of:
- Firewalls, proxies, SIEM, antivirus, and IDPS concepts
- Windows & Linux operating systems (REDHAT)
- Network security, network layers (OSI Layer-3 and Layer-4)
- Protocols like TCP/IP, DNS, HTTP, HTTPS, SSH etc.
- Network Penetration testing and techniques
- Identify and Analyse network vulnerabilities, Attack reproduction
- Programming languages like C/C++, Java and Scripting language like Python, Perl, etc.
- Hands-on experience in:
- Web-app security (SQL Injection, XSS, CSRF etc.), OWASP-10, SANS Top 25
- Network analysis tools like tcpdump, Wireshark, Burpsuite
- Crafting Regular Expressions, Verification & Validation
- Vulnerability scanners, IDS/IPS, Application Firewall, VAPT tools: Metasploit, Nessus, etc.
- Analysing existing or writing new POCs
- Effective written and verbal communication skills.
Good to have :
- Developing security related tools / programs
- Knowledge on Cloud infrastructure services
- Virtualization software (VMWare , Virtual PC / Virtual Box , XEN , etc), VPNs
- Knowledge on ModSecurity and Rule writing
- Experience in any of Java, Test NG, Linux Scripting, shell scripting, Python, Perl
- Experience/Knowledge in Amazon Web Services
Have a friend who
would love this?
Fully Managed SaaS-Based Web Application Security Solution
Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days
Indusface is the only cloud WAAP (WAF) vendor with 100% customer recommendation for 4 consecutive years.
A Customers’ Choice for 2024, 2023 and 2022 - Gartner® Peer Insights™