Key responsibilities

  • Perform application security assessments for web, mobile, cloud, thick client and IoT applications
  • Perform different types of application security assessments as needed; this involves application penetration testing, network penetration testing, attack surface evaluation, threat modelling and security design reviews
  • Perform web services (APIs) penetration testing and analyse communications between client and servers
  • Check separation of duties and access controls, review account management and check SSL certificates
  • Perform risk analysis and define prevention and mitigation controls for application vulnerabilities
  • Explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to application development teams or the application vendor, and discuss effective defensive techniques
  • Provide mitigation strategies for applications from infrastructure, architecture and secure coding perspectives.
  • Utilize application security scanning tools, interpret reports and validate identified vulnerabilities and associated risks
  • Manage application security assessment requests from multiple locations, plan and prioritize testing activities
  • Collaborate with development teams across multiple locations to prioritize and remediate vulnerabilities throughout the application lifecycle
  • Work with development teams and IT staff to review application code and configuration for possible security risks

Essential qualifications

  • Bachelor’s or Master’s Degree (IT, Computer Science, Cybersecurity, Telecommunications, Engineering, etc.) or equivalent experience
  • 5-7 years’ experience in application security assessment
  • Applicants must be fluent in English and Hindi.
  • Knowledge of scripting languages such as Java, JavaScript, Perl, Ruby, Python, PHP, Groovy, Bash.
  • Experience with open-source technologies and cloud services
  • Strong experience with Linux-based infrastructures and cloud infrastructures: Linux/Unix administration, and AWS/GCP/Azure.
  • Work with CI and CD tools, and source control such as Git and Azure DevOps
  • Offer technical support where needed, such as developing software for our back-end systems and building infrastructure for QA Automation
  • Experience in using Docker containers or deploying apps using Kubernetes
  • Some experience with Application Security/DevSecOps/Secure code practices
  • Adaptable and willing to learn new technologies; keeps abreast of key developments in relevant technologies