Job Description

Application Security Consultant This role has been designated as \'Edge\', which means you will primarily work outside of an HPE office. : Provide technology consulting to external customers and internal project teams. Responsible for providing technical support and/or leadership in the creation and delivery of technology solutions designed to meet customers\' business needs and, consequently, for understanding customers\' businesses. As trusted advisor create and maintain effective customer relationships so as to insure customer satisfaction. Maintain knowledge of leading edge technologies and industry/market domain knowledge. Actively contribute to the company\'s solutions portfolio by providing information ranging from technical knowledge to methodologies based on experience gained from customer projects. Shape technical direction and technical strategies within the organization and for external customers. Accountable for consistent and significant chargeability levels (or expense relief for internal project teams) and for assisting in meeting or exceeding revenue and customer satisfaction goals. Contribute to organization\'s profitability by generating and cultivating new business opportunities and by providing technical support for deal proposal development. Applies advanced subject matter knowledge to solve complex business issues and is regarded as a subject matter expert. Frequently contributes to the development of new ideas and methods. Works on complex problems where analysis of situations or data requires an in-depth evaluation of multiple factors. Leads and/or provides expertise to functional project teams and may participate in cross-functional initiatives. Acts as an expert providing direction and guidance to process improvements and establishing policies. Frequently represents the organization to external customers/clients. Exercises significant independent judgment to determine best method for accomplishing work and achieving objectives. May provide mentoring and guidance to lower level employees. What you\'ll do: Description of Role: The Application Security Consultant should have a strong understanding of the emerging security practices and standards related to SDLC. Should be able to consult, engineer and apply security best practices while testing, designing and proposing solutions to our enterprise customers. An Application Security Consultant undertakes complex work of a high-risk level, often working on several projects. In this role, you will: Interact with senior stakeholders like development, testing and QA Reach and influence a wide range of people across larger teams and communities Research and apply innovative security techniques, solutions to new or existing problems and be able to justify and communicate design decisions Develop vision, principles, strategy and effectively communicate to respective stakeholders Understand the impact of decisions, balancing requirements and deciding between approaches Produce patterns and support quality assurance Lead the technical design of systems and services Responsibilities Below will be the scope of the role Application Security (Web, App, API) Secure Code Review Application Modernization with Security Static & Dynamic code scanning tool & methodologies (Fortify, Whitehat, Burp) Web, Mobile, API development frameworks, protocols, content management systems & Techniques OWASP, SANS Tools & Technologies Penetration Testing Execution Standard (PTES) Automated & Manual code review Technical documentation. Product evaluation, POC. Implementation, Migration and Architect of Security Technology and Solution DevOps, DevSecOps and SRE (site reliability Engineering) mindset What you need to bring: Qualifications/Experience: Bachelor\'s degree in any stream. Minimum 3 years of working experience in Cyber Security Consulting or Advisory. Successfully delivered at-least 2 (two) Cyber Security consulting and implementation projects as consultant in recent years (2 years). Certification: Preferred Certification: Certified Application Security Engineer (CASE) Certified Secure Software Lifecycle Professional (CSSLP) GIAC Certified Web Application Defender (GWEB) Offensive Security Web Assessor (OSWA) certification Offensive Security Web Expert (OSWE) certification Certified Security - Specialty .. Certification should be valid Knowledge and Skills Candidate should have experience in the below domains Application Security testing as SAST/DAST/IAST approach (Fortify, Veracode, Burp Suite) Secure Code review, Open-Source validation (Gitlab, Coverity, SonarQube, Black Duck) Good knowledge in Cryptographic, Authentication techniques and associated Risk Identification & remediation Hands on experience with Automation Tools (e.g., Ansible, Chef, Puppet) Proficient with scripting and fair understanding of SDLC (Perl, Python, Json, SQL) Well depth understanding of Database knowledge (Oracle, MS SQL, NoSQL, Dynonamodb) Well versed with OWASP Top10 and SANS top 25 Vulnerabilities and remediation Well understanding on PTES (Penetration Testing Execution Standard) Experienced with Application migration from Monolithic to Microservices Architecture Well understanding Software Security Framework (e.g., Building Security In Maturity Model -BSIMM, Software Assurance Maturity Model -SAMM) Well depth understanding and hands on experience with OWASP MobSF Hands on experience with client side application testing on Android and Ios platform Good written & verbal communication and analytical skills. Good documentation skills. Good problem-solving skills. Job: Services Job Level: Expert Hewlett Packard Enterprise is EEO F/M/Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

Monster