Knowledge and skills required:
- Perform in-depth security assessment of web applications/API on various platforms and also experience in network infrastructure security assessment.
- Strong exposure to popular application security standards including OWASP top 10, SANS Top 25 etc and knowledge of leading security practices and regulatory requirements.
- Demonstrate knowledge of current vulnerabilities (SQL Injection, XXE, CSRF etc) and their exploitation techniques.
- Develop secure code practices and provide hands-on training to development teams.
- Work with cross functional teams to align and prioritise remediation efforts.
- Knowledge of Risk rating standards such as CVSS, DREAD, STRIDE etc.
- Understanding of programming languages such as PHP, HTML, javascript, etc
- Knowledge and understanding of windows, Linux, networking concepts and security infrastructure(firewalls, IDS/IPS etc).
- Experience in working with tools such as Burp Suite, Acunetix, OWASP ZAP scanner,Nessus, Qualys etc.
- Perform vulnerability assessment and configuration reviews on a routine and ad-hoc basis against: workstations,servers,network components etc.
- Good knowledge of any one of the scripting languages ( python, shell script etc)
Good to have :
- Experience in performing manual source code reviews.
- Mobile application security assessment.
- Microservices Pentesting.
- Good understanding of cloud technologies and working experience on AWS, Dockers, etc.
- Certification like CEH, CompTIA Security+, etc
Friday, September 11, 2020
Junior Security Analyst - Vulnerability Assessment (2-6 yrs) (Fidelity IT Jobs)
