Must Have Skills
- DAST
- SAST
- Certified in security
- Minimum of 4-5 years hands-on experience in application security assessment (DAST and SAST).
- GWAPT or CISSP certification.
- Performs application security assessments and guides remediation activities as part of the application security
- Guides and performs security assessment activities including vulnerability testing and analysis (both tool based and manual), code review, static and dynamic code testing, ethical hacking and business logic exploit testing.
- Integration of application security activities in the CI/CD pipeline.
- Ensures teams are validating for OWASP and performing industry-leading application security practices.
- Creates application assessment process documents, such as requirements documents and reports on application assessment findings, etc.
- Collaborates with stakeholders to explain the findings and proposed remediation.
- Provides dashboard reports on the status of the project.
- Experience as a Security Engineer specifically for applications / understanding of the SSDLC framework.
- Strong background with application security assessments.
- Experience in application security assessments (white box, black box and code review).
- Hands-on experience with application security tools like IBM AppScan, Fortify, WebInspect, Burp Suite, etc.
- Experience in integrating application security processes in CI/CD pipelines.
- Knowledge of application security processes and standards including OWASP, CVSS rating, factors impacting risk rating, etc.
- Experience creating documents and reports
- Excellent communication and collaboration skills
- Some system administration and scripting experience with at least SQL databases (PL/SQL scripting and Oracle Database tools are a plus).