1) Understanding of different cyber security services such as vulnerability management, SOC, SIEM and audit & compliance.
2) Sound knowledge of cryptography and secure coding best practices.
3) Hands-on experience working with DevOps and Agile teams following a secure software development lifecycle. Should be able to provide hands-on leadership in improving automation and incorporating security into the CI/CD pipeline.
5) Industry certifications would be an added advantage:
b. GIAC GWAPT
c. GIAC GPEN
d. GIAC GMOB
1) Excellent communication skills are mandatory. The role demands a great deal of clarity in thought and word on a daily basis.
2) Strong ability to prioritize tasks and to deliver a portfolio of testing assignments.
3) Strong decision-making skills and the ability to act independently without much direction.
4) Strong interpersonal and mentoring skills. A demonstrated ability to mentor junior members of the team would be an asset.
A strong ability to translate between business talk and technical details is a must. The role requires interaction with non-technical business staff.
• Perform and assist in the conduct of Code Security Review assessments for critical banking applications
• Perform false-positive-analysis and review findings from automated assessment
• Security Certification like CEH, OSCP, CISSP preferred
• Act as an advisor to the development team and assist them in fixing open vulnerabilities
• Adhere to the bank’s Code Security Review process and produce all required artefacts as part of that process
• Excellent written and oral communication and reporting skills, and the overall ability to work closely with technical teams; conversant with a multi-ethnic culture
• Should have knowledge of mobile application security assessment
• Experience in API and thick-client application security assessment.
IT experience in Application Security including Code Security Review / SAST / DAST / dynamic testing.
Hands-on experience using IBM AppScan and Burp Suite, and familiarity with industry-standard source code review tools such as Veracode, Fortify, HCL AppScan and Checkmarx, and with the CERT secure coding standards.
Strong knowledge of security frameworks (OWASP, SANS CWE), secure coding practices, information security principles and architecture, and industry-specific audit frameworks.