Required Skills

.Net, Java, MS SQL, JavaScript, Python

Work Authorization

  • US Citizen

  • Green Card

  • EAD (OPT/CPT/GC/H4)

  • H1B Work Permit

Preferred Employment

  • Corp-Corp

Employment Type

  • Consulting/Contract

Education Qualification

  • UG: Not Required

  • PG: Not Required

Other Information

  • No. of positions: 1

  • Posted: 27th Sep 2021

JOB DETAIL

• Proficient in secure coding standards and manual review of code to identify OWASP Top 10 vulnerabilities and SANS Top 25 programming errors.
• Strong knowledge of security frameworks (OWASP, SANS CWE), secure coding practices, information security principles and architecture, and industry-specific audit frameworks.
• Experience with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. Tomcat, .Net, MS SQL, etc.).
• Understanding of core cryptography concepts (encryption, hashing, HMAC, digital signature) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks).
• Experience in crafting custom proof of concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.
• Understanding of how authentication and authorization mechanisms are implemented programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.).
• Knowledge of application development using technologies like Java, J2EE, Groovy, Ruby, AngularJS, Node.js, JavaScript, Python.
• Should have a solid understanding of security controls and how they apply to different designs and systems.
• Understand, highlight and articulate risk to product owners in an understandable language.
• Knowledge of DevSecOps and development pipeline integration and automation.
• Knowledge of cloud and container infrastructure. AWS, Azure and Docker experience is a plus.
• Document vulnerabilities and work with developers on vulnerability mitigation.
• Perform re-reviews to validate the fixes on the reported vulnerabilities.
• Provide excellent coordination with local teams (which includes vendor consultants), the onsite team and various other support teams in the DTCC organization.
• Provide regular status updates on all assigned tasks and deliverables.
• Attend meetings with all involved stakeholders from TRM and IT leads to provide updates and debrief when required.

Qualifications
• At least 10 years of progressive development experience with 4+ years in Secure Code review and Application Security.
• Proficiency with application security best practices, with a focus on secure coding guidelines.
• Experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python, Perl, optionally Objective-C, etc.).
• Demonstrated proficiency in troubleshooting techniques and a detail-oriented problem-solving mindset.
• Ability to conduct research into technical issues, standards, and products.
• Good written and verbal communication skills and the ability to interact well with different levels within the organization.
• Have one or more of the following active certifications: ISC2 Certified Secure Software Lifecycle Professional (CSSLP), Global Information Assurance Certification (GIAC) Secure Software Programmer (GSSP-Java), EC-Council Certified Secure Programmer (CSP).

 

Company Information