App Security

Mumbai
DreamX – Growth
Full-time
Technology at Dream11:
Our tech team is the core of Dream11's mobile-first, cross-platform (desktop + mobile PWA, Android & iOS) fantasy product, serving more than 5 crore users with over 10 million rpm (requests per minute) at peak concurrency.
Our tech stack is hosted on AWS, with CloudFront / AWS API Gateway, NGINX, / Java, Redis / ElastiCache and MySQL / Cassandra as our end-to-end stack. Besides these, we heavily use MongoDB, Kinesis, Kafka, RabbitMQ, Spark, Redshift and other cutting-edge technologies to keep improving Dream11's performance. As a data-driven team, we also use R, Python and other big data technologies for Machine Learning and Predictive Analytics.

Your Role:
- Understand complex technical and architectural issues from the security perspective
- Review application security and approve application changes
- Perform Manual / Automated Application Vulnerability Assessment & Penetration Testing
- Set up processes / policies / controls / standards to meet state-of-the-art security compliance requirements
- Manage technical documents, including VAPT / Application Security tracking and reporting
- Focus on an automation-based methodology to get maximum output and coverage
- Manage / collaborate with teams for Application Security Architecture and Development in the testing and remediation process
- 3rd Party Vendor / Auditor Management / Maintain MIS

Must Have:
- 3+ years of experience in an application security function, including working with developers throughout the Secure Software Development Life Cycle.
- Extremely proficient with manual penetration testing and with automated methods/tools.
- Good exposure to Web Application Firewalls (WAF).
- Good knowledge of programming languages like Python and JavaScript, and an understanding of RDBMS as well as NoSQL database technologies like MySQL, Redis, Cassandra etc.
- Knowledge of any cloud-based platform like AWS, GCP etc.
- Ability to perform automated & manual secure code review and provide security guidance to developers.
- Expertise in Web / Mobile application security testing, and in static and dynamic analysis using tools.

Bonus:
- Has proven experience in helping institutions identify critical security issues through a responsible vulnerability disclosure programme (RVDP).
- Has participated in Bug Bounties & CTFs.
- Has a gaming background and good knowledge of any sport like Cricket, Kabaddi, Hockey or Football.
- Has worked in a growing start-up environment.