About Tech Alchemy

Tech Alchemy was founded in October of 2016. After successfully exiting from a previous start up, we identified a deficiency in the market related to early stage tech startups and the availability of a full service solution. This is where Tech Alchemy started, as a software development agency that not only does the development, but helps in strategy, design, development, fundraising, and any other verticals that a start up could require. We have now grown to an agency of 200+ designers, developers, and product specialists.

We are an award winning design and development company and one of the most trusted brands in blockchain, web and mobile technologies. At Tech Alchemy, we help technology focused startups formulate their ideas into real-world products to keep up with the latest trends in Blockchain, Metaverse and AR.

Industries we enhance with our technical expertise - Finance, NFTs, Gaming, Real Estate, E-Commerce, Food, Tokens, Health and Agriculture

Our products featured by - Apple, AWS, BBC, Forbes, Product Hunt, Red Dot & Yahoo Finance

We cover multiple parallels including UX design, branding, software development, blockchain development, business analysis and funding.

For more information visit our website and portfolio.

About the Job:

We're looking for an InfoSec Engineer with previous experience of working on software products with a focus on Web Platforms, Websites, and Mobile Apps. A minimum of 3+ years of experience is required.

As a member of the Tech Alchemy team, you will be exposed to exciting startup projects across many industries such as Finance, Health, Hospitality, Agriculture, and others. Most startup products vary in scope and key business goals with stakeholders are often open to developmental ideas. You should combine technical, communicative, and analytical skills and also enjoy mentoring junior staff, code reviewing, and engineering culture.

Responsibilities:

• Identify and assess security vulnerabilities in software web applications, APIs and mobile applications.
• Ensure compliance with industry-standard security practices across all the projects.
• Present reports and recommendations from findings, including security issues and level of risk.
• Work in a fluid Agile process, with a sprint-based focus on accurate estimations, quality deliverables, and responding to feedback.

  
  

Must Have:

• Demonstrated expertise in roles such as Security Test Engineer, Security Tester, Penetration Tester, VAPT or similar positions, with a track record of 3+ years.
• Practical hands-on familiarity with a wide array of security testing tools and methodologies.
• Thorough understanding of industry-standard security frameworks and best practices, including OWASP Top Ten and SANS Top 25.
• Competence in utilizing tools such as Burp Suite, Nmap, Nessus, Nexpose, and the MetaSploit framework.
• Proficiency in assessing the security of Android and iOS mobile applications through the application of static and dynamic testing tools, including Santoku, Burp Mobile Assistant, apktool, and others.
• Proven experience in executing comprehensive security assessments, encompassing penetration testing, meticulous analysis of tool-generated results, vulnerability scanning, and rigorous code review.
• Proficiency in the analysis of tool-generated results, execution of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), manual code review, active support in remediation efforts, and the review of open-source components.
• Adeptness in scripting and a strong grasp of application security principles.
• Excellent verbal and written communication skills to collaborate with cross-functional teams and convey security findings and recommendations.

  
  

Nice to have:

• Possession of relevant certifications such as OSCP (Offensive Security Certified Professional), eWAPT (eLearnSecurity Web Application Penetration Tester), CEH (Certified Ethical Hacker), and ECSA (EC-Council Certified Security Analyst).
• Familiarity with threat intelligence sources and the ability to incorporate threat intelligence into security testing practices.
• Understanding of DevSecOps principles and the ability to integrate security testing into the software development lifecycle.
• Willingness and ability to stay updated with the latest security threats, vulnerabilities, and testing methodologies.
• Familiarity with Agile processes facilitated through tools like JIRA and Confluence.

  
  

Why join us?

• Chance to work on cutting edge and innovative projects in tech industry
• Competitive salary with Mediclaim benefits (5 Lakhs coverage)
• Chance to work closely with Industry veterans including CTO & COO
• Growth of start up and stability of scaling organization in one place
• Excellent learning and development opportunities in Technical and Leadership areas
• Vibrant office space with positive and enthusiastic atmosphere