Product Security Engineer II

unlimited holidays - extra parental leave - fully flexible
Remote: Hybrid
Contract:
Experience: Mid-level (2-5 years)
Work from: Bengaluru (IN)

Offer summary

Qualifications:

  • Bachelor’s degree in information technology or related fields
  • 3-5 years of experience in product security
  • Knowledge of security vulnerabilities, OWASP Top 10
  • Experience with web and mobile application assessments
  • Security certification like OSCP, CEH preferred

Key responsibilities:

  • Collaborate on identifying vulnerabilities in applications and platforms
  • Perform manual and automated security assessments
  • Develop automation processes for detecting security flaws
  • Adhere to secure SDLC practices throughout product features lifecycle
  • Promote a security-first culture at Narvar
Narvar Computer Software / SaaS Startup https://corp.narvar.com/
201 - 500 Employees
HQ: San Mateo

Job description

Narvar is growing! The security assurance team is part of the central information security function, which is primarily responsible for securing the applications that run the Narvar business and its payment stack products. The security assurance team helps to secure the platforms, applications (SDK, web, mobile) and cloud-based infrastructure on which Narvar services are built to handle end-to-end platforms for payments. We need passionate ethical hackers who derive purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses.

The pace of our growth is incredible – if you want to tackle hard and interesting problems at scale, and create an impact within an entrepreneurial environment, join us!

As a Product Security Engineer at Narvar, you will collaborate with other security and engineering teams on identifying vulnerabilities in our applications and platform, while improving visibility and implementing application security best practices throughout the secure SDLC.

Day-to-day

  • Perform code reviews (Manual, SAST, and DAST)
  • Perform security assessments of web applications, Android and iOS mobile applications, and different payment stack platforms
  • Develop automation and processes to identify security flaws in code.
  • Work on new product features to make Narvar customers / clients and their data more secure, getting involved right from the walkthrough of the product features and practicing secure SDLC
  • Think out of the box in building attack scenarios
  • Come up with the threat landscape right from the inception of the idea to product solution to the architecture and implementation of the solution
  • Proactively identify vulnerabilities across our platform and recommend fixes.
  • Perform security functional testing as needed and validate pen-test findings
  • Ownership of the tasks
  • Inclination towards learning multiple areas of security and building competency to deliver a wide spectrum of security like cloud security, operating systems etc.
  • Adapt to technologies/languages/platforms/frameworks of the time
  • Innovate to identify the security vulnerabilities as fast as possible in the lifecycle
  • Promote the culture of security first at Narvar
  • Identifying the problem statements which upon solving will increase the security posture of Narvar
  • Maintain the Security standards and provide guidelines to developers for secure coding practice.

What we are looking for

  • Bachelor’s degree in information technology or other related fields
  • Very strong security mindset
  • At least 3-5 years of working experience in domains related to product security
  • In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10
  • Experience in doing security assessments on web applications, Android and iOS mobile applications in microservice architecture
  • Experience in using the security tools to carry out the manual as well as automated security assessments
  • Working with common product flows like payment gateway integration, authentication etc.
  • Knowledge of how applications get built, which may help in multiple scenarios when breaking those very things
  • Knowledge and understanding of Python, Java, SQL, Javascript, Ruby, NodeJS, Go etc. is a huge plus
  • Possession of at least one security certification such as OSCP, OSWP, CEH
  • Passion for security, and a practical and balanced approach to security issues
  • Ability to visualize the root cause and deep dive
  • Curiosity in knowing how things work in different conditions
  • Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams
  • Contributions to the security community are a huge plus; shouldn’t be a tool junkie
  • Lazy, so that he/she makes machines do the work for him/her [automation]

Why Narvar?

We're on a mission to simplify the everyday lives of consumers. Post-purchase is a critical phase of the customer journey. That's why we created Narvar - a platform focused on driving customer loyalty through seamless post-purchase experiences that allow retailers to retain, engage, and delight customers. If you've ever bought something online, there's a good chance you've used our platform!

From the hottest new direct-to-consumer companies to retail’s most renowned brands, Narvar works with GameStop, Neiman Marcus, Sonos, Nike, and 1300+ other brands. With hubs in San Francisco, Atlanta, London, and Bangalore, we've served over 125 million consumers worldwide across 10+ billion interactions, 38 countries, and 55 languages.

Pioneering the post-purchase movement means navigating into the unknown. Our team thrives on this sense of adventure while nurturing a mindset of innovation. We're a home for big hearts and we leave our egos at the door. We work hard but we always make time to celebrate professional wins, baby showers, birthday parties, and everything in between.

We are an equal-opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Please read our Privacy Policy to learn what personal information we collect in connection with your job application, and how we may use and share it. 

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry: Computer Software / SaaS
Spoken language(s): English

Other Skills

  • Curiosity
