Flipkart is India’s largest e-commerce marketplace with a registered customer base of over 150 million. In the 10 years since we started, Flipkart has come to offer over 100 million products across 120+ categories including Smartphones, Books, Media, Consumer Electronics, Furniture, Fashion and Lifestyle.
Launched in October 2007, Flipkart is known for its path-breaking services like Cash-on-Delivery, No-Cost-EMI and 10-day replacement policy. Flipkart was the pioneer in offering services like In-a-Day Guarantee (65 cities) and Same-Day-Guarantee (13 cities) at scale. With over 1,20,000 registered sellers, Flipkart has redefined the way brands and MSMEs do business online.
The role of the Application Security Analyst/Engineer is to perform activities related to security and privacy by design in the applications developed by Flipkart and to integrate security controls throughout the SDLC. The job holder is responsible for establishing, implementing, monitoring, reviewing and improving a suitable set of controls for the prevention of threats to the security of our applications and information assets, ensuring the business objectives of the organization.
Essential Duties and Responsibilities -
● The candidate should have 3 to 5 years of experience in web application and mobile application security vulnerability assessment and penetration testing.
● Conduct penetration testing for thin & thick client based applications.
● Exploit security flaws and vulnerabilities with attack simulations on multiple applications on the Android and iOS platforms.
● Develop PoC/exploits for vulnerabilities identified.
● Perform application security testing of Web, Mobile (Android and iOS), API, etc.
● Preparation of the final test report.
● Interaction and communication with developers for POC and support in mitigation of vulnerability.
● Security Code review for in-house applications
● Provide remediation guidance to identified vulnerabilities.
● Solve complex vulnerabilities such as business logic flaws and articulate to both technical and non-technical partners.
● Good communication and presentation skills.
● Experience with Red team exercises, threat hunting, OSINT.
● Experience in Threat Modelling.
● Experience in building security tools.
● Strong understanding of OWASP Top 10
● The candidate should be a team player with good interpersonal skills and should be able to work independently with minimum supervision in a complex Infrastructure environment.
● Understanding of Security Architecture Review