Job Information
Cornerstone OnDemand Application Security Engineer in Andheri (East), Mumbai, India
Application Security Engineer (India)
The Security Engineer position is a hands-on role that involves evaluating and enforcing application security in all phases of the Software Development Life Cycle (SDLC). This position will work closely with our security and engineering teams on conducting white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms. The candidate should have a strong background in application security, coupled with deep knowledge of AI technologies and LLMs, to protect our applications from potential security threats.
In this role you will…
Maintain security tools/processes to effectively secure our cloud-based environments (AWS, GovCloud, GCP)
Conduct white box security testing to assess and validate application security
Define, maintain, and enforce application security measures for AI and LLM-based applications and evaluate application security tools to improve our detection and prevention capabilities
Monitor and track progress of found vulnerabilities and maintain the history
Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation
Issue reports on assigned application and system scans
Continuously monitor and evaluate the security posture of AI/LLM applications and lead incident response efforts for security breaches related to AI and LLM applications
You’ve got what it takes if you have…
Bachelor’s degree in an Information Technology related field of study or equivalent post high school education and/or work-related experience
5+ years of experience in application security
Knowledge of application security focused on AI and LLM-based applications
Knowledge of OWASP Top 10 for LLM applications
Knowledge of information security principles, web applications, and a level of familiarity with malicious code and common techniques used by hackers
Experience with common SDLC tools: static and dynamic code analysis, open-source management, container security, threat modeling, etc.
Experience with HTML and JavaScript along with a solid understanding of HTTP protocol
Experience coordinating penetration testing activities and performing penetration testing
Experience with CI/CD practices and tools (Git, Jenkins) and integrating security solutions into CI/CD pipelines is a plus
Experience creating solutions in C#, Python, Node.JS, or Go, and Infrastructure as Code (CloudFormation) is a plus
Knowledge of microservices architectures is a plus
Experience working on security responsibilities for SaaS or PaaS solutions, preferably in AWS, is a plus
Basic knowledge of SQL and prior experience with programming in one or more server-side technologies such as ASP.NET Core is a plus.
Thorough understanding of SDLC and software security maturity models such as Building Security In Maturity Model (BSIMM) or OWASP Software Assurance Maturity Model (SAMM) is a plus
Experience conducting secure code development training is a plus
Knowledge of cryptographic tools and/or security APIs is a plus
Experience interacting with security vendors and customers is a plus
Excellent problem solving and analytical skills; outstanding oral and written communication skills
Self-motivation and the ability to work under minimal supervision are a must
Excellent at multitasking, and open to constant learning
Equal Employment Opportunity has been, and will continue to be, a fundamental commitment at Cornerstone OnDemand. All qualified applicants are given consideration regardless of race, color, gender, age, sexual orientation, national origin, marital status, citizenship status, disability, veteran status, or any other protected class as provided in applicable Federal, State, or Local fair employment laws. If you have a disability or special need that requires accommodation, please contact us at careers@csod.com