Job Description

Narvar is growing! The security assurance team is a part of the central information security function which is primarily responsible for securing applications that run the Narvar business, payment stack products. Security assurance team helps to secure platforms, applications (sdk, web, mobile) and the cloud-based infrastructure on which Narvar services are built to handle end to end platforms for payments. We need passionate ethical hackers who derive purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses.

The pace of our growth is incredible – if you want to tackle hard and interesting problems at scale, and create an impact within an entrepreneurial environment, join us!

As a Product Security Engineer in Narvar, you will collaborate with other security and engineering teams on identifying vulnerabilities in our applications, & platform while improving visibility and implementing application security best practices throughout secure SDLC.

Day-to-day

• Perform code reviews (Manual, SAST, and DAST)
• Perform security assessment of web applications, Android, iOS mobile applications and on different payment stacks platform
• Develop automation and processes to identify security flaws in code.
• Work on new product features to make Narvar customer / client and data more secure by involving right from the walkthrough of the product features and practicing secure SDLC
• Think out of the box in building attack scenarios
• Come up with the threat landscape right from the inception of the idea to product solution to the architecture and implementation of the solution
• Proactively identify vulnerabilities across our platform and recommend fixes.
• Perform security functional testing as needed and validate pen-test findings
• Ownership of the tasks
• Inclination towards learning multiple areas of security and building competency to deliver a wide spectrum of security like cloud security, operating systems etc.
• Adapt to technologies/languages/platforms/frameworks of the time
• Innovate to identify the security vulnerabilities as fast as possible in the lifecycle
• Promote the culture of security first at Narvar
• Identifying the problem statements which upon solving will increase the security posture of Narvar
• Maintain the Security standards and provide guidelines to developers for secure coding practice.

What We Are Looking For

• Bachelor’s degree in information technology or other related fields
• Very strong security mindset
• At least 3-5 years of working experience in domains related to product security
• In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10
• Experience in doing security assessments on web applications, Android and iOS mobile applications in microservice architecture
• Experience in using the security tools to carry out the manual as well as automated security assessments
• Working with common product flows like payment gateway integration, authentication etc.
• Knowledge of how applications get built which may help in multiple scenarios to break the very things
• Knowledge and understanding of Python, Java, SQL, Javascript, Ruby, NodeJS, Go etc. is a huge plus
• Possess of security certifications (at least one) such as OSCP, OSWP, CEH
• Passion for security, and a practical and balanced approach to security issues
• Ability to visualize the root cause and deep dive
• Curiosity in knowing how things work in different conditions
• Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams
• Contributions to the security community is a huge plus and shouldn’t be a tool junkie
• Lazy,so that could make machines work for him/her [automation]