Product Security Engineer
- Bengaluru, India
Are you passionate about Security? Do you enjoy understanding and preventing security bugs? Are you eager to play with the latest technology?
We are too - so we can make our customers more secure. That's why we want the brightest and the best security engineers to join our VMware Product Security Team. Our mission is to make the cloud safe for our customers and partners.
We are highly motivated and experienced Product Security Engineers, who work with our developers from around the company and globally on everything from design, through code and deployment. Our role is to look for potential security issues and help with design fixes or mitigations before products or services ship. Our team is exposed to technology at every level of the stack including our own hypervisor, software-defined networking solutions, cloud management suites, and mobile solutions.
We write plenty of our own tests, automation and scripts, but we don't spend our days checking in code and are not the ones who write the code for VMware products or services. We are also not in charge of VMware's infrastructure, firewalls, laptops, virus scanners or internal services.
You will join a passionate team of hardworking Security Engineers as an equally driven individual in the team. In a typical day...
- Perform security analysis and testing of products and incremental features to identify security issues
- Prioritize and coordinate case-specific response activities which includes driving timely remediation of issues working with development teams across VMware.
- Regularly deepen knowledge and skills to effectively maintain the security posture of VMware's products and services.
- Identify and suggest improvements such as automating tasks and identifying metrics to understand trends.
Do you love tearing apart applications to understand how they work?
Are you excited by discovering vulnerabilities and producing exploit code?
Are you constantly threat modeling the world around you no matter where you are? If so, we want to meet you. We are seeking an experienced and highly-motivated Security Engineer to join our product security team onsite in Bangalore.
In this role you will assess the security posture of a variety of applications and collaborate with Security Architects and product teams to ensure that bugs are discovered and squashed before they have a chance to harm our customers. You will get hands on with applications across hypervisor, web applications, cloud services and more. You will perform penetration tests against VMware applications and review code for design flaws and code defects. You will lead development teams in threat modeling and improving their applications, and you will move fast and break things so that they can be rebuilt stronger than before.
If you are passionate about hands-on work and are eager to make a difference in software security, we believe this is the right team for you.
- Perform application, system, and network penetration testing on a broad range of products and technology stacks
- Prepare detailed reports on findings and work closely with development teams to implement security controls; relate findings to real-world risks and provide specific, actionable recommendations for resolution
- Perform research activities to investigate vulnerabilities and technologies which may impact VMware products, and present findings at industry conferences and tradeshows
- Assess cryptographic implementations to identify data leakages, side channel attacks, and insecure implementations
- Design and develop tools to augment and improve the testing process; configure existing tools and resources to perform more effectively
- Assess product compliance with security requirements and guide teams in meeting security objectives
- Introduce process efficiencies into existing testing methodologies and recommend improvements to testing workflows
- 2-5 years' combined experience in the areas of penetration testing, reverse engineering, code review, and vulnerability analysis
- Software development, code review, static analysis experience desired
- Offensive Security Certified Professional (OSCP) and GIAC certifications preferred
Category : Engineering and Technology
Subcategory: Software Engineering
Experience: Manager and Professional
Full Time/ Part Time: Full Time
Posted Date: 2021-03-23
VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what's possible today at http://careers.vmware.com.
Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. Vmware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.
Back to top