• Knowledge on OWASP top 10, SANS 25, and any regulations as per the application and business.
• Execute an application Vulnerability assessment and penetration testing strategy aligned with organization goals. Communicate security risks in applications and remediation guides to the development teams effectively.
• Perform Penetration testing (vulnerability Scans and manual assessments) on an agreed basis and to support remediation to the findings.
• Creating detailed Vulnerability reports and effective communications to the concerned team.
• Accurately identify and perform real-time analysis and eradication of false positives from the tool generated reports.
• Test the effectiveness of the implemented fixes on applications.
• Keep track of new vulnerabilities on various aspects
• Act as a security expert in application development efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
• Need experience with SAST DAST and SCA tools, which involves routine scans, tool installation updates, test policy details, and coordinating with vendors for any tool improvements or support withtroubleshooting, among other things.
• Coordinating with external vendors for any pen testing that is being initiated from the organization.
• Perform regular vulnerability scans on the infra and coordinate with IT teams on remediation.
• Perform security assessments on cloud and network infra.Desired Skills and Experience
• Excellent communication and reporting skills.
• Work closely with the Development Team for various Application Vulnerability assessment assignments.
• White box assessments - Perform Security code reviews for applications.
• Black box and grey box assessments on applications.
• Provide Analysis of findings and suggest appropriate mitigations.
• Benchmark applications against OWASP/SANS/CIS/NIST/ISO best practices.
• Provide assurance of adherence to best practices in security, penetration security.
• Understand Security Test Requirements, Prepare Security Test Scenarios & conduct Test execution.
• Practical knowledge of STRIDE/PASTA/CVSS threat modelling framework.
• Linux, OS hardening, aws cloud, Network security, application security, cloud security, VAPT, cyber threat intelligence
Experience: 5 to 10 yrs.
--
You must verify your mobile number to apply to this job.