Role and Responsibilities
3-10 years of experience in Application Security & Infra Vulnerability Management.
Good experience in Product/Applications Dynamic Application Security Testing, Static Application Security Testing & Infra Vulnerability Management.
Conduct Vulnerability assessment, penetration testing, PCI Scanning, support 3rd party pen test and remediation.
Experience in false positive analysis, remediation advice and vulnerability tracking through ticketing systems.
Expert level knowledge in source code review using automation tools and manual approach.
Expertise in conducting Application Security code review for Java/.NET/C++ etc.
Knowledge of application security vulnerabilities based on standards such as Common Weakness Enumeration (CWE) and OWASP.
Social engineering attack background. Scripting knowledge in Python or PowerShell etc.
Architect, Design and Develop Application Security Architecture.
Experience in preparing Threat Modelling of Applications.
Good verbal and written communication skills.
CEH v9 and/or CISSP will be an added advantage.
Tools Experience: WebInspect (DAST), AppScan Standard (DAST), Fortify (SAST), Burp Suite, OWASP ZAP Proxy, Nessus, Qualys, Nmap, Metasploit etc.