Application Security Analyst
ROLES AND RESPONSIBILITIES:
• Develop, recommend, evaluate, integrate, deploy and perform technical security assessments on our web applications, mobile apps, and architecture designs
• Implement and enforce security tools including static, binary and dynamic analyzers, and fuzzers for various business units in alignment with our core secure-SDLC strategy
• Experience performing vulnerability assessments and penetration tests of web applications and mobile apps, including application security vulnerability assessment covering OWASP methodology and scanning tools, manual reviews, code reviews, design reviews, infrastructure reviews, and risk evaluation for apps per the OWASP Top 10 and SANS Top 25
• Communicating risks effectively to engineering staff through technical demonstration of vulnerabilities and secure design patterns for security topics
• Identifying risk in code, applications, processes, and architecture
• Seeking out opportunities to automate processes when appropriate
• Tracking, reviewing, validating and responding to issues detected during internal reviews or reported via our Bug Bounty program
• Certification such as CEH, GIAC GPEN/GWAPT, LPT or similar would be a plus
• 4-6 years’ experience in security testing of web applications and mobile apps
• Familiarity with common web application testing tools for DAST, SAST, and IAST such as Fortify, Checkmarx, Veracode, Burp Suite, IBM AppScan, WebInspect, Contrast, etc.
• Knowledge of authentication mechanisms like SAML, OAuth, etc.
• Familiarity with DevSecOps culture
QUALIFICATIONS AND EDUCATION REQUIREMENTS:
• BE or ME/MS in Computer Science, or equivalent education or experience
Looking for Application Security candidates with 3 - 10 years’ experience in:
• Hands-on SAST/DAST/IAST knowledge
• Manual security testing
• Secure code review
• Fuzz testing
• Secure SDLC knowledge
• OSS risk management using WhiteSource, Black Duck, Sonatype or similar
We need you to make the ASG developers adhere to security standards before they commit any mistakes