Job Description

Designation
ASSOCIATE CONSULTANT
No. of Positions
1
Experience
2.5-5 Years
Skill (Primary)
Information Security-APPLICATION SECURITY-APPLICATION SECURITY ASSESSMENT
Qualification
BE/B.Tech (Hons)
(Posting).
"Application Security Engineer
Job Summary:
This Application Security Engineer will be responsible for day-to-day engineering and operations work within our AppSec program. This includes both evaluating and setting up new AppSec tools, triaging application vulnerability findings from our existing tools, coordinating third-party pentests, and working directly with software engineers to provide software security architecture guidance. This role requires both a solid understanding of offensive and defensive software security concepts, and the ability to communicate effectively with software engineers across the firm.
Key Responsibilities:
- Collaborate with software engineers to design and facilitate the implementation of secure software architecture.
- Evaluate and set up software security tools to enhance our AppSec posture.
- Conduct security assessments of existing applications and software systems.
- Monitor and track the effectiveness of security measures and remediation efforts.
- Stay updated on the latest application security threats, trends, and best practices.
- Work closely with internal teams, including both IT and Security stakeholders, to align application security initiatives with company objectives.
- Assist in developing security training programs for software engineers.
Qualifications:
- Strong knowledge of application security architecture and tools.
- Experience with security assessment tools and methodologies.
- Ability to analyze complex security issues in software systems and provide actionable recommendations.
- Strong communication and interpersonal skills.
- Practical certifications such as those from Offensive Security, GIAC, ISC2, and others are a plus.
- Strong analytical and problem-solving skills."
(1.) To clearly understand the client's cybersecurity environment and respective product. (2.) To monitor, configure, and troubleshoot cybersecurity issues and related monitoring tools (3.) To analyse and validate cybersecurity incidents in-detail and help the L3 team with RCA/data or logs collection (4.) To enable knowledge transfer/trainings through creation/ maintenance of configuration documents, test plans, operational manuals and provide operational training to L1 team. (5.) To analyse and fine-tune cybersecurity policies, participate in cybersecurity review calls pertaining to change requests & recommendations on cybersecurity policy changes. (6.) To implement changes, monitor security device performance and implements performance tuning when necessary. (7.) To prepare analyses and reports to highlight the project progress/challenges and ensure quality and accuracy to the client