Application Security | 6 to 9 years | Mumbai & Bengaluru

Job Description

1)    Understanding of different cyber security services like vulnerability management, SOC, SIEM, and audit & compliance.
2)    Sound knowledge of cryptography and secure coding best practices.
3)    Hands-on experience in working with DevOps and Agile teams following a secure software development lifecycle. Should be able to provide hands-on leadership in improving automation and incorporating security as part of the CI/CD pipeline.
4)    Programming and scripting skills in languages like Java, JavaScript, Angular, Spring Boot, Kotlin and Swift are good to have.
5)    Industry certifications would be an added advantage:
a.    CEH
b.    GIAC GWAPT
c.    GIAC GPEN
d.    GIAC GMOB
e.    CISSP
f.    OSCP

Non-technical skills:

1)    Excellent communication skills are mandatory. The role demands a great deal of clarity in thought and word on a daily basis.
2)    Strong ability to prioritize tasks and to deliver a portfolio of testing assignments.
3)    Strong decision-making skills and the ability to act independently without much direction.
4)    Strong interpersonal and mentoring skills. A demonstrated ability to mentor junior members of the team would be an asset.
5)    Strong ability to translate between business talk and technical details is a must. The role requires interaction with non-technical business staff.

•    Perform and assist in the conduct of Code Security Review assessments for critical banking applications
•    Perform false-positive analysis and review findings from automated assessments
•    Security certification like CEH, OSCP, CISSP preferred
•    Act as an advisor to the development team and assist it in fixing open vulnerabilities
•    Adhere to the bank's Code Security Review process and produce all required artefacts as part of the process
•    Excellent written and oral communication and reporting skills, overall ability to work closely with technical teams, and conversant with a multi-ethnic culture
•    Should have knowledge of mobile application security assessment
•    Experience in API and thick-client application security assessment

Primary Skills

IT experience in Application Security, including Code Security Review / SAST / DAST / dynamic testing.
Hands-on experience in using IBM AppScan and Burp Suite, and familiarity with industry-standard source code review tools such as Veracode, Fortify, HCL AppScan and Checkmarx, and with CERT secure coding standards.

Secondary Skills

Strong knowledge of security frameworks (OWASP, SANS CWE), secure coding practices, information security principles & architecture, and industry-specific audit frameworks.

Ref: 508344
Posted on: March 19, 2021
Experience level: Experienced
Contract type: Permanent
Location: Bangalore
Department: Cyber Security