Application Security Engineer - Hyderabad, India - Micron
Description
Our vision is to transform how the world uses information to enrich life for all.Micron Technology is a world leader in innovating memory and storage solutions that accelerate the transformation of information into intelligence, inspiring the world to learn, communicate and advance faster than ever.
JR44563 Application Security EngineerApplication Security EngineerJob Description
For more than 45 years, Micron's teams of innovators and scientists have redefined innovation—designing and building some of the world's most sophisticated memory and semiconductor technologies.
Micron's IT team is a distributed team who are passionate about enabling company success by delivering high business value solutions.
Within IT, we build security capabilities as well as educates and guides global teams to secure development in all types of workloads and environments both on premise and in our public and private clouds in a scalable way for our worldwide enterprise.
Key ResponsibilitiesTechnical Leadership
We serve as a mentors and authorities in the application security domain by leading efforts to further define and improve our application security strategy and secure SDLC processes.
Mentoring and guiding security champions embedded throughout the development teams is a core focus for the team, and we take that trust very seriously.
We also act as a voice for the development community into Global Security to help ensure that the potential impact of changes is well understood.
Engineering SolutionsWe are engineers and as such we build things.
Some examples of this are bringing automation of security tools in CICD pipelines, building reference solutions that apply security tools correctly, and developing proof-of-concept exploit code to gauge our exposure of confirmed vulnerabilities.
We provide measured and prescriptive guidance by prioritizing security issues relative to identified vulnerabilities, risk, and business objectives.Continued Education
Application security is an ever-evolving field, so we need to maintain the team both technically and intellectually.
We accomplish this through maintaining awareness of emerging domain appropriate application vulnerabilities, maintaining proficiency in emerging development practices and platforms, and maintaining expertise, certifications, and credentials through training, conferences, and professional organization membership.
Skills and Proficiencies:
Strong interpersonal skills and experience collaborating with developers and leadership to promote secure SDLCProven foundations in software engineering in multiple languages and frameworksExperience with SAST, DAST, SCA, and related application security toolsComfortable switching contexts between red, blue, and development perspectivesStrong sense of personal accountability and dedication to team successDeep understanding of OWASP Top 10 and CWE 25; with experience in implementing and integrating remediation strategiesHigh-Level Knowledge of security concepts in the various security domains including, but not limited to, authentication, authorization, testing, and cryptographyStrong problem solving and analytical skills with a proven record of resolving system-level issues
Differentiators
Cloud and containerized development and deploymentApplication architecture and software design principles with the ability to perform application security design reviewsExperience with open-source software and licensing concernsExcellent ability to coordinate multiple efforts and see solutions to their conclusionAbility to be self-directed and a fast learner with flexibility to support new technologies and legacy applicationsAbility to react to fast paced and dynamic environments
Education and Experience:
Bachelor's Degree or equivalent experience in Computer Science or related course of studyMust have 2+ years of experience in application security or related field