Job Description
Responsibilities:
- Conduct application security assessments for all types of applications: internet, extranet, intranet, mobile, etc.
- Thorough review of various application architectures and attack vectors on application tier and database tier components.
- Conduct application vulnerability assessments and penetration testing using application security tools and source code analyzers.
- Provide secure development standards and practices for the following application languages/platforms: Microsoft .NET, Xamarin, J2EE, iOS, Android and Oracle DB/MS SQL Server.
- Review Web-based solutions developed in HTML5, DHTML, CSS, and JavaScript.
- Provide fix recommendations for vulnerabilities to software development teams.
- Adopt one of the leading methodologies used in industry, such as OWASP, CVSS, CWE, OSSTMM and/or SANS-25.
- Design and develop security controls for applications.
- Use of Secure Software Development Life Cycle (SSDLC) and IT Processes.
- Vulnerability Assessment and Penetration Testing.
- Empower Developers and Architects to Identify & Eliminate Software Vulnerabilities.
- Detailed and In-depth Application Security Analysis.
- Threat modeling and application design review.
- Report on vulnerability assessments and fix recommendations.
Job Requirements
Minimum Requirements:
- Bachelor’s degree in Computer Science or a related field from a recognized and approved program.
- 5 years of experience in cybersecurity, including at least 3 years in application security.
- Must have an application development background (.NET technologies, Java, Xamarin, Objective-C, Swift).
- Experience in secure SDLC and threat modeling.
- Able to demonstrate experience in manual testing and static code scanning and analysis.
- In-depth knowledge of application security and application-specific vulnerabilities.
- Must have experience in manual testing and source code analysis (C#, Java, JavaScript, Xamarin, Objective-C, Swift, and others).
- Experience in vulnerability analysis and the ability to identify false positives in static code scanning reports are necessary.
- Experienced with the OWASP Top 10 most critical web application security risks.
- Experience with scanning and analysis tools (IBM AppScan Enterprise, HP WebInspect, ERPScan, IBM Source for Analysis, Burp Suite).