Job Description

Role Overview: Application Security Specialist is a hands-on tech oriented position. You will play a pivotal role within the Cyber Security Practice and work with delivery teams as well as networks and infrastructure support teams. .Embed security throughout the lifecycle of software delivery .Building and defining Security Testing practices .Play a consultant and advisory role to delivery team and clients Responsibilities: .Work closely with Application Development & IT team and serve as a single point of contact for all security testing related activities .Executing manual network, application penetration tests and security code reviews .Analyse application security architecture and understand security threats .Draw Data Flow Diagrams (DFD), prepare threat models, identify threats and suggest mitigation steps .Design and execute security test cases .Create and review security test reports and evidences .Provide recommendations to clients in fixing vulnerabilities .Develop frameworks and methodologies to evaluate security in new and emerging technologies including mobile application such as IOS, Android etc. .Assist in building security testing competency .Mentor and provide technical guidance to team members in executing test cases .To define testing criteria for systems and applications. .Write SOPs, SOW\'s .Technical and Process reviews of the team output - represent the team reports to all stakeholders. .To work with end clients to develop strategies and plans to enforce security requirements, and remediate identified risks / vulnerabilities. .Assist in building security testing competency .Bachelor\'s Degree (or equivalent) or advanced degree highly desired. .5 - 7 years of Security Testing and Project Management Experience .Good knowledge of network & application security vulnerabilities .In-depth knowledge and experience with OWASP, SANS, CERT, WASC standards/frameworks for security testing and security code reviews. OSSTMM for network penetration testing .Experience in manual and automation penetration testing tools and techniques. Should have experience in using tools like Burp, ZAP, Veracode, Fortify, WebInspect, NMap etc. .Experience in performing threat modelling and identify attack vectors. Must be familiarity with STRIDE and DREAD concepts. .Must be able to handle tasks/activities with competing priorities .Must be able to work independently & guide team .Ability to handle multiple customers simultaneously from different industry verticals .Ability to manage a diverse team and getting them to deliver as expected .Ability to handle team challenges and resolve conflicts .Good verbal and written communication skills with the ability to talk to both business teams and technical teams .Security certifications such as OSCP, CEH, ECSA, GPEN

foundit