Security test analyst/architect
a. Must to have:
• Total IT experience ranging from 6 to 14 years.
• At least years of experience in application security testing (Web/Thick client), Infra Penetration Testing, mobile security testing and secure code review.
• Perform secure code review of software applications, developed in various languages (i.e. Java, ASP, .NET, C++, C#, PHP etc.)
• Good knowledge of security technologies for secure software development such as cryptography, authentication techniques and protocols etc.
• Co-ordinate with multiple Development Teams to understand application architecture, perform threat profiling, to be able to perform a comprehensive manual code review.
• Should be proficient in Application Security Concepts, familiar with OWASP Top 10, SANS top 25 and other security best practices.
• Basic understanding of the following protocols/technologies HTTP, SOAP/REST, SSL/TLS.
• Experience in work with relational databases like ORACLE, MS-SQL, MySQL etc.
• Analyze vulnerabilities, perform an impact analysis and risk determination.
• Successfully lead and execute projects, mentor and train resources with focus on enhancing their skill sets.
• Should have excellent communication Written, Oral and presentation skills.
• Security certifications CISSP, CEH is desirable
• Experience in secure software development standards, process, techniques and tools.
• Security Consulting
• Tools: Proficiency in most of the tools in each category
• Secure code review –Checkmarx, HPFortify, IBMAppScan Source edition.
• Web application vulnerability scanning tools - IBM AppScann, HPWebInspect, Burpsuite Pro
• High level programming languages: Java, C, C++, .NET
• Development Knowledge – ASP.NET, ASP, PHP, J2EE, JSP
• Database scanning: NGS & Scuba
• Vulnerability scanning tools: Qualys, Nessus
--
You must verify your mobile number to apply to this job.