Sunday, January 17, 2021

Cyber Security Engineer - Applications Security (5-10 yrs) (Tech Tatva)

Functional Responsibilities:

- Application security testing techniques, using automated tools and manual testing

- Hands-on experience with one or more tools such as Acunetix Premium and Acunetix 360, Veracode SAST and SCA, Burp Suite, Kali Linux, Metasploit, HP Fortify on Demand, SSL Scanner

- Ability to document and explain risks and vulnerabilities to technical stakeholders

- Perform manual and automated application vulnerability assessments, document the vulnerabilities found, and provide recommendations for remediation

- Hands-on experience in performing code reviews of .NET, Java, PHP, Python, Node and React JS applications.

- Hands-on experience performing software composition analysis using open-source and commercial tools.

- Hands-on experience in running, installing, and managing SAST, DAST and IAST solutions, such as Fortify on Demand, Veracode, Acunetix Premium, Acunetix 360 and Contrast, in a large enterprise

- Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity into security risk.

- Hands-on experience with at least one CI/CD tool set and building pipelines using TeamCity, Bamboo, Jenkins, JIRA tools

- Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles.

- Provide security recommendations as a subject matter expert for development teams during all phases of development

- Track open issues and follow up to ensure remediation using JIRA

- Provide guidance to application groups on application security best practices

- Enhance and deliver application security training to the Dev team.

- Discovery of application security weaknesses and writing recommendations for preventing or fixing them.

- Knowledge of security compliance standards like GDPR, PCI DSS, ISO 27001

Key Competencies:

- Experience with various programming languages (preferred C, C++, Java, Python, and JavaScript)

- Hands-on security testing experience with APIs (REST, SOAP) and mobile applications.

- Able to multi-task and work independently with minimum supervision to meet firm deadlines

- Performs other special projects or duties as assigned

- Code review skills are a definite plus.

Qualifications:

- 5+ years of industry experience in the application security domain

- One or more certifications like CISSP, CEH, Security+, OSCP

- Knowledge of secure development principles in at least one environment (i.e. Java or .NET). System development experience in technologies like Java, JavaScript, Angular JS, Python, Ruby, .NET technologies.
