Principal Engineer II, Security Architecture - OWASP, SANS Java, Application Security

Date: Jan 8, 2019

Location: Bangalore, India, IN

Company: HARMAN International

Requisition Id : 114170 

Additional Work Location(s):

Position Summary: Briefly describe the primary purpose and function of this position.


The candidate shall play the role of a security lead for the Ignite product and will be responsible for defining the security requirements and solutions required to make the Ignite solution a robust product from a security perspective. He/She shall drive the security value proposition of the product and will be responsible for representing that value proposition in front of customers.



Supervisory Responsibilities: Please indicate the number of direct reports and/or number of indirect reports.


The candidate will be an individual contributor in the program and unlikely to have direct reports.


Job Responsibilities: List the professional and/or technical competencies needed when performing the key responsibilities of the position.  Explain the degree to which this position affects the business (i.e. making decisions, defining or setting strategy, etc.). Please further explain the breadth of the impact this position has (i.e. affects own team, department, function, division, geography, etc.).

  • The Candidate has a critical role to play in the Ignite product development being responsible for all security measures that are built into the product.
  • The candidate shall be responsible for defining the EtE security requirements for the product
  • The candidate shall be responsible for defining the security solutions that help fulfill the security requirements of the product. The candidate helps developers with resolution of vulnerabilities
  • The candidate shall be responsible for generating relevant technical documentation like architecture documents, high level designs, low level designs for the product
  • The candidate shall be responsible for evaluation of different off-the-shelf security solutions that could be used in the product
  • The candidate shall be responsible for security audit of the product and any third party components used in the product
  • The candidate shall be responsible for defining and enforcing the best development processes, e.g. source code management tools, code reviews, static checks, Dockerfiles etc., critical to ensuring security compliance of the product to specific standards
  • The candidate shall be responsible for development of proposals to customers including analysis of requirements provided by the customer and positioning the security features of the product.
  • The candidate shall be responsible for advising the product qualification team on validation of security requirements of the product.



Basic Qualifications: List the minimum and desired education (including degrees, licenses, certification or registrations) and experience needed to perform the key responsibilities of the position.

  • B.Tech/M.Tech in Comp. Sc
  • Security Certification from a 3rd party certification agency would be an additional benefit.
  • At least 3 years' experience working on security solutions for products.
  • Thorough knowledge of authentication and authorization standards applicable in the Web services and Enterprise application world, e.g. OAuth2, SAML etc. He/She needs to be aware of good password handling procedures and SSH usage among developers
  • Deep understanding of security vulnerabilities typical to web applications and application infrastructure servicing web applications.
  • Thorough knowledge of well-known security practices and solutions used in Web applications, e.g. solutions applicable to top 10 OWASP vulnerabilities
  • Thorough understanding of Hash algorithms, encryption algorithms, ciphers used in products and their robustness. Ability to decide on the right encryption to use based on the application.
  • Candidate needs to be familiar with OWASP, SANS and other coding guidelines
  • Candidate should have hands-on experience with popular vulnerability analysis tools used in dynamic web and mobile applications like IBM AppScan vulnerability analysis tool
  • Candidate needs to be familiar with tools that could be used for static scan in CI/CD pipeline
  • Candidate needs to have thorough knowledge of techniques used in DAR security, DIT security and detection and removal of hard-coded credentials at app-level
  • Candidate needs to be familiar with requirements applicable to DB security
  • Candidate should have first-hand experience with security audits and data that mandatorily needs to be included in audit logs from a security perspective


HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide, including connected car systems, audio and visual products, enterprise automation solutions; and services supporting the Internet of Things. With leading brands including AKG®, Harman Kardon®, Infinity®, JBL®, Lexicon®, Mark Levinson® and Revel®, HARMAN is admired by audiophiles, musicians and the entertainment venues where they perform around the world. More than 25 million automobiles on the road today are equipped with HARMAN audio and connected car systems. Our software services power billions of mobile devices and systems that are connected, integrated and secure across all platforms, from work and home to car and mobile. HARMAN has a workforce of approximately 30,000 people across the Americas, Europe, and Asia. In March 2017, HARMAN became a wholly-owned subsidiary of Samsung Electronics. HARMAN is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or Protected Veterans status. HARMAN offers a great work environment, challenging career opportunities, professional training and competitive compensation. Looking for a challenge where your experience is valued? Come see what you can achieve as a leader with HARMAN!


Job Segment: Application Engineering, Architecture, Product Development, R&D Engineer, Engineering, Security, Research