- Security test analyst/architect
- Total IT experience ranging from 3.5 to 9 years.
- At least 4 years of experience in application security testing (web/thick client), infrastructure penetration testing, mobile security testing, secure code review, DAST and SAST.
- Perform secure code review of software applications developed in various languages (e.g. Java, ASP, .NET, C++, C#, PHP).
- Good knowledge of security technologies for secure software development, such as cryptography and authentication techniques and protocols.
- Coordinate with multiple development teams to understand application architecture and perform threat profiling, in order to carry out a comprehensive manual code review.
- Should be proficient in application security concepts and familiar with the OWASP Top 10, SANS Top 25 and other security best practices.
- Basic understanding of the following protocols/technologies: HTTP, SOAP/REST, SSL/TLS.
- Experience working with relational databases such as Oracle, MS-SQL and MySQL.
- Analyze vulnerabilities and perform impact analysis and risk determination.
- Successfully lead and execute projects, and mentor and train resources with a focus on enhancing their skill sets.
- Should have excellent communication skills (written, oral and presentation).
- Security certifications (CISSP, CEH) are desirable.
- Experience in secure software development standards, processes, techniques and tools.
- Security Consulting
Tools: Proficiency in most of the tools in each category
Secure code review: Checkmarx, HP Fortify, IBM AppScan Source Edition
Web application vulnerability scanning tools: IBM AppScan, HP WebInspect, Burp Suite Pro
High-level programming languages: Java, C, C++, .NET
Development knowledge: ASP.NET, ASP, PHP, J2EE, JSP
Database scanning: NGS & Scuba
Vulnerability scanning tools: Qualys, Nessus