Specialist - Architecture

Role description

Work experience

4 to 8 years of postqualification experience with strong working knowledge on Manual Security code review

Roles responsibilities

Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities web applications internal applications APIs internal and external networks and mobile applications

Perform manual security code review against common programming languages Java CSharp

Perform automated testing of running applications and static code SAST DAST

Experience in one or more of the following a plus AI pen testing

Need to work on application tools to perform security tests AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux

Able to explain IDOR Second Order SQL Injection CSRF Vulnerability Root cause Remediation

Educational qualifications

Masters preferably in computer science or MCA andor BE B Tech from a reputed University

Mandatory technical functional skills

Strong knowledge on manual secure code review against common programming languages Java C

Minimum three 3 years of recent experience working with application tools to perform security tests AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux or equivalent

Minimum three 3 years of performing manual penetration testing and code review against web apps mobile apps and APIs

Minimum three 3 years of working with technical and nontechnical audiences in reporting results and lead remediation conversations

Preferred one year of experience in development of web applications andor APIs

should be able to identify and work with new tools technologies to plug and play on client projects as needed to solve the problem at hand

One or more major ethical hacking certifications not required but preferred GWAPT CREST OSCP OSWE OSWA

Proposed designation Consultant

Role type Individual contributor

Working location BangalorePune

Work timings 12 PM to 9 PM

Skills

Mandatory Skills : Estimation,Application Security - Microfocus Fortify-SCA and SAST,Application Security - Microfocus Fortify DAST,Network PT,Attack Surface Management,Breach Attack Simulation,Red Teaming,Mobile Security - MAST Tool Implementation/ Dynamic Analysis (Penetration Testing)/ Static Analysis (Static Code Analysis)/ Remediation Advisory/ Tool Selection,Architectural diagrams,Application Security - Black Duck/ Sonartype IQ,Application Security - Burp Suite,Application Security - Checkmarx/ Synopsys / Veracode,Application Security - Rapid 7 (InsightAppSec),Application Security (application security framework/ threat modelling/ Secure SDLC/ DevSecOps/Application Security Architecture Review),Application Security DAST & Penetration Testing - review/ Implementation/ Scanning/ Secure Code Review/ OWASP/ Remediation Advisor/ Secure SDLC,Application Security SAST & SCA Tool - review/ Implementation/ Scanning/ Secure Code Review/ OWASP/ Remediation Advisory/ Secure SDLC,Application Security SAST and IAST - CheckMarx,Architecture Assessment,Architecture Governance,Capacity Planning,Compliance Evaluation,Cost Benefit Analysis Method,Devsecops /Appsec Automation / Appsec Maturity Program,DevSecOps automation - Jenkins, Ansible. Terraform, GitLab,Infra Vulnerability Management - Qualys,Infra Vulnerability Management - Rapid 7,Infra Vulnerability Management - Tenable IO,Infra Vulnerability Management - Tenable Nessus, SC, CS,Infra Vulnerability management/Triaging/ Remdiation Advisory / ServiceNow /ITSM /CMDB,Metasploit,Red Teaming - FireCompass,BaS - Cymulate,PT - Horizon3,PT - VA/ Discovery/ Enumeration/ Reconnaisance/ Scanning/ Manual/ Exploitation/ Analysis/ Reporting/ Zero Day/ corrective action/ Strategy,PT - Network PT/ Red Teaming (Internal and External)/ Attack surface management/ /Breach Attack Simulation/Mitre Attack - Discovery/ Enumeration/ Reconnaisance/ Scanning/ Manual/ Exploitation/ Analysis/ Reporting/ Zero Day/ corrective action/ Strategy,Application Security - Microfocus Fortify