Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, or disability status. EEO/Disabled/Vets
Job Description:
JD Senior Engineer - Product Security Testing
About News Corp:
News Corp is a global diversified media and information services company focused
on creating and distributing authoritative and engaging content to consumers and
businesses throughout the world. The company comprises businesses across a
range of media, including: news and information services, book publishing, digital
real estate services, cable network programming in Australia and pay-TV
distribution in Australia.
What You'll Do
We are seeking a skilled and experienced Vulnerability Assessment and Penetration
Testing (VAPT) Specialist to join our dynamic team. In this role, you will be
responsible for conducting comprehensive VAPT activities for both web / mobile
applications and AI / LLM enabled applications. Additionally, you will play a key role
in Static Application Security Testing (SAST), Software Composition Analysis (SCA),
and Threat Modelling processes. Your expertise will contribute to the security
enhancement of our digital assets, ensuring the utmost protection of sensitive
information. Collaboration with internal team members, external partners, and
relevant stakeholders within the News Corp community will be essential to achieve
success in this role.
Key Responsibilities
- Conduct comprehensive Vulnerability Assessment and Penetration Testing (VAPT)
for web and mobile applications to identify security weaknesses, vulnerabilities, and
business risks.
- Perform Static Application Security Testing (SAST) by reviewing source code to
detect vulnerabilities early in the SDLC.
- Implement Software Composition Analysis (SCA) to identify and manage
third-party/open-source components, licenses, and associated security risks.
- Integrate application security practices into CI/CD pipelines, working closely with
DevOps and engineering teams to enable secure-by-design development.
- Lead and facilitate Threat Modelling exercises (STRIDE, attack trees, misuse cases)
and provide actionable mitigation recommendations.
- Review application code to identify insecure coding practices impacting security and
privacy.
- Manage and optimize manual and automated security testing tools for static,
dynamic, and dependency scanning.
- Identify opportunities for automation and tooling enhancements to improve security
coverage, reduce false positives, and increase efficiency.
- Prepare clear, actionable security reports, including risk summaries, root cause
analysis, remediation guidance, and security maturity and roadmap recommendations.
- Define and track security metrics and KPIs to measure coverage, risk reduction, and
program effectiveness.
- Collaborate with engineering teams, partners, and business stakeholders across the
News Corp ecosystem to understand requirements and drive security outcomes.
- Mentor and guide junior AppSec engineers, promoting knowledge sharing and
capability growth.
- Assess the current application security posture, identify critical gaps, and
recommend improvements aligned with organizational maturity goals.
- Stay current with emerging vulnerabilities, attack techniques, and industry best
practices.
AI / GenAI / LLM Security Responsibilities
- Perform security testing of AI/GenAI-powered applications, including LLM-backed systems.
- Identify and assess risks such as prompt injection, jailbreaks, insecure output
handling, training data leakage, model abuse and excessive permissions.
- Conduct threat modelling for LLM and RAG (Retrieval-Augmented Generation)
architectures.
- Review and assess security controls for LLM APIs and integrations (e.g., OpenAI,
Azure OpenAI, internal models).
- Apply OWASP Top 10 for LLM Applications and emerging AI security best practices.
- Support AI red teaming and adversarial testing initiatives where applicable.
Required Experience & Qualifications
- 6+ years of hands-on experience in Application Security, including DAST, SAST,
SCA, Penetration Testing, and Threat Modelling.
- 12 years of software development experience, with at least 1 year building or
contributing to secure systems.
- Strong knowledge of web and mobile application vulnerabilities, mitigations, and
secure coding practices.
- Experience with modern programming languages and frameworks such as Python, Java,
JavaScript/Node.js, Ruby, PHP.
- Hands-on experience with application security tools, including:
  - SAST/SCA: Checkmarx, Fortify, Snyk
  - DAST/Manual: Burp Suite, HCL AppScan, OWASP ZAP
- Familiarity with information security frameworks and standards, including: OWASP,
NIST CSF, NIST SP 800 series
- Working knowledge of DevOps concepts and CI/CD pipeline integration.
- Ability to tune security tools, reduce false positives, and improve signal-to-noise
ratio.
- Strong stakeholder communication skills, with the ability to:
  - Communicate risks to technical and non-technical audiences
  - Drive remediation discussions effectively
- Experience conducting root cause analysis, lessons learned, and continuous
improvement activities.
- Ability to prioritize findings based on risk, scale, and business impact.
Desired / Preferred Qualifications
- Security certifications such as CPENT, OSCP, CEH, or equivalent (preferred).
- Experience working in a large enterprise or global environment.
- Exposure to cloud-native application security (AWS, Azure, GCP) is a plus.
- Strong analytical skills with high attention to detail.
- Ability to work independently and collaboratively in a team-oriented environment.
- Excellent organizational, prioritization, and time-management skills.
- Proven ability to handle confidential information with professionalism and
discretion.
Preferred Skills & Knowledge
- Advanced knowledge and experience in VAPT, Threat Modelling, Red Teaming
activities.
Location: Bangalore
Working Arrangement: Hybrid - a minimum of three days in office per week
This job is posted with NTS Technology Services Pvt. Ltd.