Roles and Responsibilities
- Conduct Vulnerability Assessments, Penetration Testing and Application Security Assessments.
- Integrate security tools, standards, and processes in the software development lifecycle
- Perform Web Application Security - SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing)
- Identify security vulnerabilities in source code before an application is deployed to production
- Discover vulnerabilities once an application is deployed and advise development teams on remediation
- Implement security tools and technologies to achieve secure DevOps process.
- Mentor and help development and QA team with the appropriate level of security knowledge to ensure the secure application development and roll outs.
- Integrating threat modelling practices into the product life cycle.
- Provide security requirements and specification during the application design and development stage.
- Develop standards and best practices for secure application development.
Desired Candidate Profile
- 12+ years of experience in performing security testing of complex applications (Manual and using tools).
- Must have performed secure code reviews, security testing on web application, mobile applications, APIs, networks, etc.
- Have performed static and dynamic testing (SAST & DAST) using well know industry tools and technologies
- Have sound knowledge and experience of security tools integration with DevOps platforms.
- Thorough understanding on standards such as OWASP top 10, SANS, etc.
- Good knowledge of security technologies such as cryptography, authentication techniques, risk identification and assessment, etc.
- Exposure on Software composition Analysis (SCA) Tools, Runtime Application Self-Protection (RASP), Open-source security.
- Knowledge on cloud infrastructure, code repositories, associated risks, and SaaS applications.
- Holding Security Certifications CISSP/CISM/ CEH/ OSCP
- Excellent communication skills.