Job Description

Work Locations i.e., Hyderabad/ Bangalore/ Mumbai/ Pune/ Gurgaon/ Kolkata/ Chennai JD for SAST+ SCA Required: Minimum of 7-9 years experience in application security development, security testing, secure code review, software composition analysis Deep interest in application specific vulnerabilities, code development and infrastructure knowledge Investigative and analytical problem-solving skills Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.) Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles Hands-on experience in performing code review of dot Net, Java, and Swift and objective C code Hands-on experience in running, installing, and managing SAST and SCA tools, such as Checkmarx, Fortify, Contrast, Veracode, Black Duck, Snyk, WhiteSource in large enterprise-Tools Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk Knowledge of CI (Cont.. integration & (Devops tools) /CD (. Devlp ) tool set and integrating security tools with CI/CD tool set Hands on experience on conducting Secure code review and Software composition analysis using automated tools Possession of excellent oral and written communication skill Certification such as SANS GIAC, ISC2 CISSP, OpenFAAS are a plus. are preferred JD for DAST + MPT Primary skills vulnerability assessment, penetration testing for web applications , web APIs and the client application. Should have capability for performing manual security assessments using Burpsuit, OWASP zap, etc., Experience on multiple commercial tool to perform Dast like Appscan, web inspect , Accunitix . Should be able to analyze the results , and perform false positive analysis or vulnerability reported by the scanners. Required: Bachelor\'s degree or higher in Computer Science, or equivalent. 3-7 years of experience working in the application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments. Strong understanding of OWASP Top 10 vulnerabilities but not limited to. Proficiency in industry standard vulnerability testing tools like Appscan, Web Inspect, Burp Suite, ZAP proxy, Fiddler, Olly debugger, IDA Pro, EchoMirage etc. Ability to perform manual penetration testing and security assessments using automated tools. Knowledge of web application components like frontend, backend, databases and application servers. Understanding in web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases Understand on the basic concepts of reverse engineering, memory analysis etc. Understanding of basic networking protocols such as TCP/IP, DNS, HTTP Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Web Application Penetration Tester (GWAPT), Certified Ethical Hacker (CEH), or equivalent

foundit