Senior Engineer - Applications Security

at Suntory Global Spirits

Gurgaon, India

What makes this a great opportunity?

The Senior Engineer: Application Security Engineer is a key member of the Global Information Security Team who works closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that Suntory Global Spirits products are secure.

We are seeking a highly skilled and experienced Application Security Engineer to lead our DevSecOps, API security, threat modeling, and mobile security initiatives. This role requires a blend of technical expertise and leadership to manage a team of engineers, ensuring the security, reliability, and efficiency of our CI/CD pipelines and SDLC processes. You will work closely with cross-functional teams to implement robust security measures, optimize our DevOps practices, and drive compliance initiatives.


Role Responsibilities

• Developing and maintaining software application security policies and procedures
• Providing technical leadership, guidance, and direction to the application security team
• Developing and maintaining documentation of application security controls
• Implementing software application security controls
• Designing technical solutions to address security weaknesses.
• Improving and supporting application security tool deployments including static analysis and runtime testing tools
• Improving and maintaining secure development standards
• Providing manual penetration testing and standards gap analysis services to internal business and technology partners.
• Integrating threat modeling practices into the product life cycle.
• Implementing a web application firewall on all websites.
• Providing security requirements for test-driven design
• Producing metrics reporting the state of application security programs and performance of development teams against requirements
• Ensuring that change and release management follows the defined processes and guidelines for application security.
• Developing and managing DevSecOps to assure secure coding practices across the organization
• Leading the remediation of findings from application vulnerability screening and penetration testing.
• Managing integration with vulnerability assessment techniques, including Static Code Analysis and Dynamic Code Analysis

Qualifications

• Minimum of 6 years of experience in CI/CD, DevSecOps, Automation, Quality Engineering, and Cybersecurity.
• At least 4 years of experience in SAST/DAST and penetration testing.
• At least 2 years of experience in web application firewall (Akamai) implementation.
• Hands-on experience with DevSecOps tools and practices, including static code analysis, security scans, and automated testing.
• In-depth knowledge of web and API security vulnerabilities, attack vectors and mitigation techniques
• Experience with multiple programming languages (Java, JavaScript, Go, Python, Ruby, Objective-C, C#, PHP), with hands-on coding experience in at least one scripting language and one object-oriented programming language.
• Fluency in security testing with SAST, SCA, DAST, IAST, fuzzing, and penetration testing tools
• Understanding of application security standards such as OWASP ASVS/Top 10 and CWE 25
• Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
• Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
• Knowledge of DevSecOps to maintain security in CI/CD pipeline.
• Solid experience with security tools like Fortify, Checkmarx, Veracode, Burp Suite, Snyk, Nessus
• Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk
• Strong knowledge of cryptography, API security, and secret management
• Ability to communicate concerns and issues clearly and effectively to the management and engineers.
• Excellent interpersonal and communication skills, with the ability to work effectively with all levels of management.
• Good oral and written communication skills
• CEH & CISSP or CISA certification preferred.

Job Segment: Testing, PLM, Developer, Java, Information Security, Technology, Management

Client-provided location(s): Gurugram, Haryana, India
Job ID: Beam_Suntory-1213291400
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • FSA
    • HSA
  • Parental Benefits

    • Birth Parent or Maternity Leave
  • Work Flexibility

    • Flexible Work Hours
    • Remote Work Opportunities
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Commuter Benefits Program
    • Casual Dress
    • Happy Hours
    • Company Outings
    • Snacks
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
  • Financial and Retirement

    • 401(K) With Company Matching
    • Performance Bonus
    • Relocation Assistance
  • Professional Development

    • Tuition Reimbursement
    • Promote From Within
    • Shadowing Opportunities
    • Access to Online Courses
    • Lunch and Learns
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)