Our Company
We care about helping people. Our purpose is to provide help and inspire confidence in our clients and communities everywhere. Our associates feel a sense of belonging in an inclusive place with an amazing history and a sharp focus on our future. Our connected culture is who we are and how we work together to achieve our strategies, accelerate our transformation, and achieve extraordinary results. It's an exciting time to be a part of H&R Block!
What you'll do...
The
Senior Application Security Engineer is responsible for ensuring the security of an organization's products throughout their lifecycle. This role also consults with security adjacent stakeholders and business units to provide suggestions, education, guidance and feedback from a security perspective.
- Risk Assessment and Mitigation: Perform threat modelling application design solutions and vulnerability assessments to identify relevant risks, security gaps or risks in product design and development.
- Secure Development Practices: Implement security tooling and automation to scale the Application Security team's practices. Advocate for and integrate security best practices in the Software Development Lifecycle (SDLC). Conduct code reviews, penetration testing, and static/dynamic analysis. Ensure compliance with industry standards (e.g., AICPA SOC2, HIPAA, PCI DSS, SOX ISO 27001, NIST CSF).
- Security Architecture and Development: Working with product and engineering teams to design, program development, software development and implement security controls and protections within the product via automation. This task ensures the product is built with security in mind from the ground up. Integrate security tools and technologies into the CI/CD pipeline (e.g., static and dynamic application security testing (SAST/DAST), software composition analysis (SCA), and infrastructure-as-code (IaC) scanning).
- Planning, Collaboration and Training: Product roadmap planning with key stakeholders, collaboration with cross functional teams to develop mitigation strategies. Working closely and mentor Product, Engineering, and IT teams for security best practices. Provide security training and awareness for developers and stakeholders.
Compliance and Reporting: Maintain documentation of security controls and processes. Prepare reports on security risks and mitigation efforts for management and regulatory bodies. Audit source code and perform code review for critical application changes
What you'll bring to the team...
- 5+ years of experience in an application security role.
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities.
- Strong understanding of:
- Threat modelling methodologies such as MITRE ATT&CK, STRIDE, and PASTA;
- Amazon AWS Services, MS Azure and their capabilities;
- Securing web applications;
- Orchestration tools (ex. Anisible, Terraform).
- Experience with frameworks such as OWASP Top 10, SAST/DAST tools, and CI/CD pipelines.
- Fluency in Python, React, and Django Rest Framework.
- Experience with manual source code review, and embedding security to code in production environments.
- Experience with deploying application security tools in the CI/CD pipeline.
- Experience with securing software development lifecycle including building programs. that eliminate full classes of vulnerabilities.
- Excellent communication and interpersonal skills.
- Ability to work independently and within a team.
- Strong organizational and time-management abilities.
It would be even better if you also had...
- Certifications such as CISSP, CSSLP, CEH, or equivalent.
- Experience in IoT, embedded systems, or mobile app security.
- Knowledge of regulatory and compliance standards (e.g., AICPA SOC2, NIST CSF, GDPR, HIPAA)
Why work for us
Equal Opportunity Employer: H&R Block does not tolerate discrimination based on a person's race, color, religion, ancestry, age, sex/gender (including pregnancy, childbirth, related medical conditions and sex-based stereotypes and transgender status), sexual orientation, gender identity or expression, service in the Armed Forces, national origin, physical or mental disability, genetic information, citizenship status or any other status protected by law.
Follow our LinkedIn page for latest updates/news: https://www.linkedin.com/company/hrb-india/
