About Galaxy:
Galaxy Office Automation Pvt. Ltd is a leading technology solutions provider and helps organizations to digitally transform their business. Over the past 38 years, we have strived to help our customers meet the most difficult challenges by providing innovative solutions that integrate cutting-edge technologies. We have been constantly upgrading our portfolio of solutions and skills to keep up with the fast-changing digital world. Our vast experience across various industries, large investments in developing skills and solutions, ability to execute complex transactions and 300+ professionals put us in the best position to deliver transformational solutions to our clients.
Job Description
We are seeking an experienced Application Security / Product Security Engineer to help secure our applications and products throughout the software development lifecycle. The ideal candidate will have strong knowledge of cloud-based architectures, application security best practices, and secure SDLC, along with hands-on experience performing security design reviews and application testing across web, API, mobile, and thick client applications. This role requires close collaboration with engineering, architecture, DevOps, and product teams to identify security risks early and ensure secure product development.
Key Responsibilities
- Integrate security practices into the Software Development Lifecycle (SDLC).
- Perform application security design reviews for new and existing products.
- Conduct manual and automated security testing of:
  - Web applications
  - REST / GraphQL APIs
  - Mobile applications (Android / iOS)
  - Thick client / desktop applications
- Identify vulnerabilities such as OWASP Top 10, authentication issues, authorization flaws, and API security risks.
- Review cloud architecture and deployments (AWS, Azure, GCP) for security best practices.
- Work with development teams to prioritize and remediate vulnerabilities.
- Perform threat modeling and security architecture assessments.
- Track vulnerabilities, remediation status, and risk metrics using Excel or vulnerability management tools.
- Support secure coding practices and developer security awareness.
- Manage multiple security assessments and coordinate tasks across teams.
- Provide reports and dashboards for management regarding security posture.
Required Skills & Qualifications
- Strong understanding of Application Security and Product Security principles.
- Experience with secure SDLC practices.
- Hands-on experience performing security testing for:
  - Web applications
  - APIs
  - Mobile apps
  - Thick client applications
- Knowledge of cloud platforms (AWS / Azure / GCP) and cloud security architecture.
- Experience performing security design reviews and threat modeling.
- Familiarity with OWASP Top 10, API Security Top 10, and common vulnerability classes.
- Experience using security tools such as:
  - SAST
  - DAST
  - SCA
  - API testing tools
- Good working knowledge of Excel for tracking vulnerabilities, metrics, and reporting.
- Strong task management and stakeholder coordination skills.
- Ability to work with engineering and product teams to drive security remediation.
Preferred Qualifications
- Certifications such as: CEH, OSCP, GWAPT, CSSLP, CISSP
- Experience with DevSecOps pipelines and CI/CD security integration and architecture design principles.
- Experience with container and Kubernetes security and cloud security.
Soft Skills
- Strong communication and collaboration skills
- Ability to manage multiple projects and stakeholders
- Analytical thinking and problem-solving ability
- Strong documentation and reporting skills