Job Description
The Purpose of This Role
The qualified candidate must be adaptable and able to work in a fast-paced environment where learning new skills and understanding new system architectures quickly is a key to success. The role of Fidelity's Pre-release assessment team (PRA) is to proactively identify vulnerabilities in the firm's applications prior to production release so that they can be remediated and prevent real-life cyberattacks from happening. Fidelity has a large and diverse portfolio of products that are developed on all of the major technology stacks and platforms. This provides a varied and interesting role within the Pre-release assessment team and the opportunity to work on a multitude of different products.
The Value You Deliver
Fidelity provides key financial services to a wide variety of demographics. In many instances we are managing our customers financial future and savings. This is something we take very seriously. Protecting our customers and their data is of paramount importance to us. This role plays a key part in helping to protect the livelihoods of our customers around the world and plays a significant part in preventing real-world cyberattacks.
The Skills that are Key to this role
Technical
• Ability to demonstrate manual testing experience including all OWASP Top 10 vulnerabilities.
• Knowledge of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption.
• Outstanding skills in perform penetration testing of web applications, web services, thick client, mobile, front-end & back-end services.
• Technical knowledge of, and the ability to recognize, various types of application security vulnerabilities.
• Expert in manual penetration testing, dynamic vulnerability scanning, vulnerability validations and false positive analysis.
• Intermediate knowledge of a programming or scripting language such Java, JavaScript and SQL.
• Intermediate knowledge of Web Services technologies such as XML, JSON, SOAP, REST, and AJAX.
• Intermediate knowledge of web frameworks, including XML, SOAP, J2EE, JSON and Ajax.
• Experience with web application frameworks, including Struts, Spring, nodeJS.
• Research and develop innovative techniques, tools, and methodologies for penetration testing services.
• Penetration testing skills including the use of security assessment and hacker tools; e.g. BURP, Nessus, Qualys, Veracode, SQLMap, Kali Linux, Postman, OWASP Zap, etc
• Identify potential risks, threats, vulnerabilities and exploits in applications through secure code review, and penetration testing.
• Support the automation of security testing and more efficient discovery, tracking, and resolution of security vulnerabilities.
• Ability to triage results from automated code scanning tools for false positives and false negatives.
Behavioral
• Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues.
• Excellent interpersonal skills with a strong interest in the application security domain
• Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work alone or as part of a team.
• Full commitment to customer satisfaction and the highest ethical standard
• Open-minded, empathic and a team-mate with a partnering approach and an enthusiastic and motivated personality, with demonstrated experience in solving complex challenges.
• Intellectually curious and therefore remain abreast of new technologies and developments relating to technical products that might be used enterprise wide and software delivery methodologies.
• Team player with excellent interpersonal & communication skills (written and verbal)
• Possess can-do attitude to overcome any kind of challenge.
The Skills that are Good to Have for this role
• Programming language skills such as Java, .NET, Javascript
• Bug Bounty experience on platforms like HackerOne, Bugcrowd, YesWeHack
• Thorough understanding of application architectures, understanding of security standards, frameworks and methodologies, HTTP, TCP/IP
• Working experience with Security Software Development Lifecycle (SDLC) process such as static code analysis, third party library security testing, web application and API security testing, etc.
• Experience working with at least one scripting languages such as Python, Ruby, Bash, Javascript, etc.
• Strong customer focus, Strong communication, analytical and problem-solving skills
• Manage own time and work with minimal supervision.
• Ability to work effectively in a team environment with both technical and non-technical people.
• Good communication skills and experience of working in multi-culture environments.
The Expertise We’re Looking For
• Bachelors degree or equivalent experience
• 5 to 7 years of vulnerability assessment and penetration testing experience
• OSCP certification (preferred), SANS or Certified Penetration Tester, Certified Expert Penetration Tester or GIAC Certified Penetration Tester
Shift timings: 11 AM to 8 PM
💡 Quick Summary
Seeking a career-building opportunity? The Lead Software Engineer position is now open for candidates interested in the Software Developer Jobs sector. This role in Bangalore offers a professional environment and growth potential.
Requirement Snapshot: Candidates should possess basic communication skills, a proactive attitude, and the ability to work in a team. Experience in Software Developer Jobs is a plus.
