Senior Application Security EngineerChennai, India - Eng Infrastructure & Security - Engineering

About this role Udemy is looking for an Senior Application Security Engineer to join the Application Security team. Security and trust are vital to the Udemy business model. We are part of the Information Security organization that treats security and compliance as an integral part of product development. We are a team of software engineers and security professionals with diverse expertise in building and implementing solutions to improve the security on our platform. In this role, you will partner with cross-functional teams of Product Managers, Trust and Safety, Engineers, Legal, Security, and Compliance to help conceptualize and develop world-class solutions.What you'll be doing Contribute to functional specifications and participate in code reviews to include secure-by-design functionality. Write and execute test plans for maintainable code whether implementing backend security improvements, user-facing security features, or fixing defects. Work independently, with guidance from a senior engineer.Follow industry trends on new technologies, best practices and solutions. What you’ll have Minimum of 4+years of professional experience with security by design principles and software development life cycle. Knowledge of Web security, such as headers, cookies, CORS, XSS, CSP.Knowledge of industry standard application security standards or frameworks for Web and mobile services specially Spring Boot, DjangoFamiliarity with object-oriented programming specially Kotlin, Python, JavaScript, Go and cloud technologies like AWS, GCP.Experience with Git or other versioning systems. We understand that not everyone will match each of the above qualifications. However, we also realize that everyone has unique experiences that can add value to our company. Even if you think your background might not perfectly align, we'd love to hear from you!Nice to have: Fundamental knowledge of authentication technologies; OAuth, SAML, OIDC, JWT.Experience working on a team in full stack software development, including practices like continuous integration, unit testing, code reviews, pull requests, and documentation.Experience with cloud-native landscape and containerized architecture. Experience in using SAST, SCA, DAST tools and integrating them as part of CI/CD pipelinePerformed role of a security championExperience in bug bounty programs either have submitted bug bounty or as a triager