Send me more jobs like this

Application Security Analyst

Keywords / Skills : Java, Python, JavaScript, Manual security testing, VAPT, Fuzz testing, Cryptography, SLDC

3 - 10 years
Posted: 2019-02-07

Job Description
Application Security Analyst
ROLES AND RESPONSIBILITIES:
• Develop, recommend, evaluate, integrate, deploy and perform technical security assessments on our web applications, mobile apps, and architecture designs

• Implement and enforce security tools including static, binary and dynamic analyzers, and fuzzers for various business units in alignment with our core secure-SDLC strategy

• Should be experienced in performing vulnerability assessment / penetration test of web application and mobile apps, application security vulnerability assessment covering OWASP methodology & scanning tools, manual reviews, code reviews, design reviews, infrastructure reviews, risk evaluation for apps as per OWASP TOP 10 & SANS TOP 25

• Communicating risks effectively to engineering staff through technical demonstration of vulnerabilities and secure design patterns for security topics

• Identifying risk in code, applications, processes, and architecture

• Seeking out opportunities to automate processes when appropriate

• Tracking, reviewing, validating and responding to issues detected during internal reviews or reported via our Bug Bounty program

• Certification such as CEH, GIAC GPEN/GWAPT, LPT or similar would be a plus.

• 4-6 years’ experience in security testing of web applications and mobile apps

• Experience in manual secure code review in languages such as JavaScript, Java, C#, and PHP

• Familiarity with common web application testing tools for DAST, SAST, and IAST such as Fortify, Checkmarx, Veracode, Burp Suite, IBM AppScan, WebInspect, Contrast etc.

• Knowledge of authentication mechanisms like SAML, OAuth, etc.

• Familiarity with DevSecOps culture 

QUALIFICATIONS AND EDUCATION REQUIREMENTS:
• BE or ME/MS in Computer Science, or equivalent education or experience 

PREFERRED SKILLS:
Looking for candidates for Application Security having 3 - 10 years’ experience in:

• SAST/DAST/IAST hands on knowledge

• Manual security testing

• Secure code review

• VAPT

• Fuzz testing

• Secure SDLC knowledge

• Cryptography

• WAF

• OSS risk management using Whitesource, BlackDuck, Sonatype or similar

LANGUAGES:
Java, Python, JavaScript (any one or similar) 

ADDITIONAL NOTES:
We need you to make the ASG developers to adhere to security standards before committing any mistakes



About Company

ASG Worldwide Private Limited
Similar Jobs
View All Similar Jobs


Walkin for you