Job Description

Exp - 10 + years
Location - Mumbai, Bangalore, Hyderabad, Chennai, Pune
Must have - Application Security - Security Analyst - SAST, DAST & DevSecOps, Devops
Notice - Immediate to 15 days
SAST, DAST & DevSecOps
P4 Position: Application Security - Security Analyst - SAST, DAST & DevSecOps
Primary Skills

• Expert in Dynamic Application Security Scan/Analysis (DAST)
• Expert in Static Application Security Scan/Analysis (source code review) (SAST)
• Hands on experience of Synopsys Coverity, Burp suite Pro, Azure Devops, security gate best practices, OWASP top 10
• Good Knowledge of DevSecOps (Secure CI/CD integration)
• Vulnerabilities Assessment and Penetration Testing (VAPT) at application + Infrastructure level
• Good knowledge of OWASP Top 10
• Expert in Vulnerability assessment of web applications (internal & external),
• Proficient with manual and automated scanner approaches
• Knowledge of software vulnerability remediation techniques and libraries used in applications, Programming knowledge etc.
• Management and configuration of SAST & DAST Testing Tools
• Preparing security advisories and defining the severity levels for the vulnerabilities
• Scanning, validation and reporting of vulnerabilities on daily and monthly basis
• Preparing security reports for the management
• Remediation Advisory Support
• Good Communication skills
• Managing projects and schedules.

Secondary Skills

• Web Application Penetration Testing
• Embedded Application IoT Security Testing
• Mobile Application Penetration Testing (Android & iOS)
• API Security Testing
• Assisting in the development of exploits for complex vulnerabilities.
• Improving testing techniques and methodology via original research, custom tool development, defining new testing standards, and aligning testing procedures with various industry standards (OWASP Top 10, OWASP ASVS, NIST 800-53, etc.).

Education:
A bachelor or Masters in degree in Technology is a must. English proficiency both reading & writing is must.
Technologies /Tools:
Burp suite, fortify (SCA & Web Inspect), BurpSuite Pro, Accunetix, Veracode, Checkmarx, Qualys WAS, Tenable .io Web Application, Nessus, etc.
Certifications:

• Desirable: CSSLP, Cloud Security and DevSecOps Automation Certification (GCSA), Certified DevSecOps Engineer (CDE)
• Compulsory: Certified Ethical Hacker (CEH), B Tech

Please share me your updated resume to hema.nancy@cielhr.com