Zoho is one of the world's most prolific software companies. With 55+ applications in nearly every major business category, including sales, marketing, customer service, accounting and back office operations, and an array of productivity and collaboration tools built from the ground up, Zoho has the depth and breadth to solve even the most complex business challenges.
With more than 130 million users and over 18,000 employees across the globe, hundreds of thousands of companies rely on Zoho every day to run their businesses, including Zoho itself. With 29 years of being private, bootstrapped and profitable, we understand what it takes to run a sustainable, resilient business.
Experience: 0-2 years in Security Operations / Application Security Engineer
Job Location: Chennai
Key Responsibilities:
- Conduct risk assessments and identify, document, and prioritise technical risks across the environment, translating complex vulnerabilities into actionable business risks.
- Perform threat modelling for applications, services, and infrastructure to identify attack vectors and security gaps, and lead threat modelling sessions with engineering teams for new features using frameworks like STRIDE.
- Manage the end-to-end lifecycle of vulnerabilities found in our software and infrastructure.
- Implement and tune SAST (Static), DAST (Dynamic), and IAST (Interactive) tools to ensure high-quality security signals without slowing down development.
- Perform manual code reviews for critical business logic that automated tools might miss.
- Monitor, triage, and investigate security alerts generated from intrusion detection scripts, SIEMs, and other detection mechanisms. Develop custom scripts (Python, Bash, etc.) to automate repetitive alert handling and incident response workflows.
- Analyze suspicious activity, validate incidents, and support incident response and post-incident reviews.
- Collaborate with development teams to remediate findings and embed security into CI/CD pipelines, ensuring code is scanned and verified before deployment.
- Document findings, response actions, and security recommendations clearly and effectively.
Required Skills:
- Strong understanding of network protocols, Linux internals, and the MITRE ATT&CK framework.
- Solid understanding of threat modeling methodologies (e.g., STRIDE, attack trees) and hands-on experience with SAST, DAST, and IAST tools.
- Hands-on experience with AppSec tooling (e.g., Snyk, Veracode, Checkmarx, Burp Suite, ZAP, or Contrast Security).
- Proficiency in at least one major language for building security tools and automation.
- Familiarity with AWS, Azure, or GCP security services and Infrastructure as Code, along with experience in log analysis, alert tuning, false-positive reduction, and responding to intrusion detection or custom security alerts, is an added advantage.