Noida, Hyderabad/Secunderabad, Chennai
Job description
Job Responsibilities
Support asset development, process establishment. Conducting application security assessments (web, mobile, web service, Infra etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as IBM AppScan/HP Fortify or CheckMarx.
We expect candidate to have experience doing similar assessments, candidate can be trained on any proprietary assessment methodology. Reporting/Dashboarding/Retesting and participation in conference calls with clients to review assessment results and consult with the clients on remediation options.
Participating/Driving conference calls with potential clients to scope out newly requested security projects and estimate effort and resource requirement to complete the project etc.
Skills Required
Mandatory: 8-10 years of strong Application Security experience in S-SDLC Threat Modeling, Code Review, Vulnerability Assessment, Penetration Testing. Web Service/API security testing, Firmware Assessment. Expert in Application Security process establishment.
Through exposure on DevSecOps implementation/integration. Deep hands on experience into Mobile application Security Android/iOS – reverse engineering/memory analysis etc. Security tool experience – IBM AppScan/CMx/Forfity/Nessus/MetaSpolit, Web Proxy Good exposure on penetration testing.
Good to have one of the given certifications – OSCP/GPEN/GWAPT/CSSLP etc. Independent global client handling AppSec delivery exposure. >=2 years. Moderate exposure on AppSec technical solutioning, estimation and RFP/RFI response, Client presentation. Excellent interpersonal skill.
Location: Noida, Chennai, Hyderabad, Bangalore
Education
Key Skills
PT testing, burp suite, threat modeling, IBM AppScan, appscan, application security, manual testing, API security testing, vulnerability assessment, iOS nessus, DevSec, Ops implementation