Named a Top 25 Cyber Security Company by The Software Report and one of Inc. magazines Best Workplaces for 2020, Infoblox is the leader in cloud-first networking and security services.

Our solutions empower organizations to take full advantage of the cloud to deliver network experiences that are inherently simple, scalable, and reliable for everyone.

Infoblox customers are among the largest enterprises in the world and include 70% of the Fortune 500, and our success depends on bright, energetic, talented people who share a passion for building the next generation of networking technologies and having fun along the way.

Role : Product Security Engineer II.

We are seeking an experienced Product Security Engineer II to join our Product Security Engineering team in Bengaluru, reporting to the Manager of Product Security Engineering.

In this role, you will be crucial in leading and ensuring the security and integrity of our applications and systems.

You will be responsible for identifying, assessing, and mitigating security risks and

implementing robust security measures throughout the software development lifecycle.

Your expertise in application security, threat modeling, and penetration testing will be essential in safeguarding our critical systems and protecting sensitive data from potential threats.

You are the ideal candidate if you are highly motivated with a keen interest in staying up to date with the latest technologies and the ever-evolving application threat landscape.

You are also passionate about product security and dedicated to maintaining the highest standards.

What Youll Do :

- Perform security assessments, application security reviews, and penetration testing for SaaS services, on-prem solutions focused around DNS/DHCP protocol.

- Collaborate with development teams to enforce secure coding practices, guidelines, and

standards.

- Ensure integration of security requirements and threat modeling considerations into the

software development lifecycle.

- Offer guidance and support during security-related discussions and decision-making

processes.

- Provide guidance on secure design principles and assist in addressing security issues.

- Plan, execute, and analyze application security testing, including penetration testing,

vulnerability scanning, and code reviews.

- Interpret penetration test results and recommend remediation measures based on identified

threats.

- Work closely with development teams to design and implement effective security controls like access controls, authentication mechanisms, encryption, and secure communication protocols.

- Utilize threat modeling outputs to guide security control selection and implementation.

- Keep up-to-date with emerging security threats, vulnerabilities, and best practices in application security and threat modeling.

- Educate development teams on secure coding practices, common vulnerabilities, and security best practices.

- Conduct security training sessions and workshops to raise awareness of threat modeling

concepts and foster a security-conscious culture.

What youll bring :

- Minimum 5 years of experience in vulnerability management and penetration testing.

- Strong knowledge of application security principles, threat modeling methodologies, and best

practices.

- Proficiency in secure coding practices, vulnerability assessment, and penetration testing

methodologies.

- Strong development knowledge in Shell Scripts, Python or Golang is a major plus.

- Familiarity with cloud environment like AWS, GCP, Azure and technologies like Kubernetes,

Containers etc.

- Familiarity with common web application vulnerabilities (e.g., OWASP Web/API Top 10) and

corresponding mitigation techniques.

- Experience with implementing and managing security testing tools and technologies, such as

static analysis tools, dynamic application scanners, and penetration testing frameworks.

- Strong understanding of secure software development lifecycle (SDLC) and ability to integrate

security practices and threat modeling into agile development processes with SAST & DAST

tools, including Coverity, CodeQL, SonarQube, and Contrast.

- Knowledge of authentication, authorization, and access control mechanisms, cryptographic

algorithms, and secure network communication protocols.

- Familiarity with industry standards and frameworks such as ISO 27001, NIST, PCI DSS, and

GDPR.

- Excellent communication and collaboration skills, with the ability to effectively communicate

technical concepts to non-technical stakeholders.

- Relevant certifications such as CISSP, CSSLP, CEH, OSCP, and/or OSWE are a plus.

- Good understanding of cyber security frameworks like OWASP, SANS, NIST, CIS, etc.

- MS/M.tech or BS/B.tech in Computer Science or related field, or equivalent work experience

required.

What success looks like :

After six months, you will :

- Understand the scope of Infoblox products, cloud infrastructure, and SaaS services that

require secure code reviews and application security assessments.

- Reach proficiency with processes and procedures laid out for the team in delivering best-in-class product security services.

- Build knowledge and hands-on experience with cutting-edge technologies.

- Understand the team of engineers and the current state.

After About a Year, You Will :

- Be an independent key contributor to the team.

- Contribute to the development and implementation of a comprehensive product security

framework that encompasses multi-cloud infrastructure and SaaS products and services.

- Identify and address potential vulnerabilities and threats in our products and services.

- Contribute to promoting a security-conscious culture within the organization, including conducting security awareness campaigns, delivering training sessions, and providing guidance to development teams on secure coding practices and threat modeling.