Job Title

Senior Security Testing Engineer

Company Name
News Corporation
Job Type
Full-time
Qualification
B.Tech/B.E.
Experience
4 Years - 6 Years
Vacancies
1
Salary Offered
Not Disclosed
Job Category
Location
Bangalore, Karnataka, India
Job Description

Responsibilities:
• Conduct thorough Vulnerability Assessment and Penetration Testing (VAPT) for web and mobile applications to identify potential security weaknesses, vulnerabilities, and risks.
• Perform Static Application Security Testing (SAST) to analyse application source code and uncover security issues at an early stage of development.
• Implement Software Composition Analysis (SCA) techniques to identify and manage third-party components and libraries, assessing their security posture.
• Collaborate with cross-functional teams to integrate security practices into the software development lifecycle, ensuring secure coding standards and practices are followed.
• Lead Threat Modelling exercises to proactively identify and evaluate potential security threats and risks, providing recommendations for mitigation strategies.
• Work closely with team members, partners, and relevant businesses within the News Corp community to understand their security requirements and address their concerns.
• Develop and maintain comprehensive documentation related to VAPT, SAST, SCA, and Threat Modelling processes, findings, and recommendations.
• Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices to continually improve the effectiveness of security measures.
• Experience with common information security management frameworks like NIST CSF, NIST SP 800, OWASP.
• Extensive experience with web and mobile application security tools like code scanners (Checkmarx, Fortify, Snyk, Nexus) and dynamic analysis tools (Burp Suite, HCL Appscan, OWASP ZAP, etc.).
• Review application code for security vulnerabilities and practices dangerous to security and privacy.
• Identify areas for automation and tooling to increase code coverage.
• Manage integration with manual and automated tools for static and dynamic testing.
• Write reports including recommendations, root cause analysis, security summary analysis, and project roadmaps.
• Establish metrics and reporting to track coverage and effectiveness of security processes.
• Provide guidance and mentorship to junior team members, fostering skill development and knowledge sharing.
• Lead analysis of the current environment to detect critical deficiencies and recommend solutions for improvement.

Required Experience & Qualifications
• Minimum 4-6 years of experience in Application Security performing DAST, SAST, Penetration Testing, SCA and Threat Modelling.
• 1-2 years of software development with at least 1 year in developing secure systems.
• Experience in one or more of the following modern languages/frameworks: Python, Java, Ruby, Node.js, JavaScript, PHP.
• Basic understanding of DevOps principles and building code pipelines.
• A passion for application security and working knowledge of web application and mobile application vulnerabilities and mitigations.
• Known for being a great communicator and collaborator with excellent written and verbal communication skills.
• Provide recommendations to improve the effectiveness of the scanning tool to reduce future false positives.
• Conduct communications to the respective audiences at the proper frequency.
• Manage root cause analysis and lessons learned to accommodate growth in maturity and improve overall technical hygiene.
• Prioritise responses to accommodate scale and business needs.

Desired Qualifications
• Professional certifications such as CPENT, CEH, OSCP, or related certifications are a plus.
• Proficiency in programming languages commonly used in web and mobile application development.
• Excellent verbal, written, and interpersonal communication skills.
• Experience working in a large enterprise environment.
• Strong analytical skills with high attention to detail and accuracy.
• Able to work effectively in a team environment, as well as independently.
• Strong organisational, multi-tasking, and prioritising skills.
• Able to meet time-sensitive deadlines.
• Ability to work collaboratively and build consensus is essential.
• Able to make sound decisions and exercise good judgement.
• Able to work and achieve goals without constant supervision.
• Able to handle confidential material in a professional manner.

Preferred Skills & Knowledge
• Advanced knowledge and experience in VAPT, Threat Modelling, Red Teaming activities.

Posted Date
October 13, 2023