Experience: 7+ years
Shift: 1 PM to 10 PM IST
Preferred notice period: Immediate to 30 days
Skills: Crate Modeling, Secure SDL, DevSecOps & Communication skills
Role Responsibilities
- Conduct thorough application security assessments to identify vulnerabilities and risks in web and mobile applications.
- Perform penetration testing to evaluate the security posture of applications and recommend remediation strategies.
- Develop and implement secure coding practices and guidelines for application development teams.
- Collaborate with cross-functional teams to integrate security measures throughout the software development lifecycle.
- Conduct threat modeling sessions to identify potential risks and establish security controls.
- Evaluate and implement security tools and technologies to enhance application security.
- Provide security training and awareness programs for developers on best practices in application security.
- Monitor and analyze security events and incidents, providing response strategies as needed.
- Research and stay updated on the latest security vulnerabilities and trends that may impact application security.
- Establish risk management processes to prioritize and mitigate identified vulnerabilities.
- Work with compliance teams to ensure adherence to security standards and regulations.
- Prepare detailed security assessment reports and communicate findings to stakeholders.
- Assist in the development of security policies and procedures related to application security.
- Participate in security audits and assessments to ensure compliance with industry standards.
- Lead remediation efforts for security weaknesses identified during assessments.
Qualifications
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- Proven experience in application security assessment and penetration testing.
- In-depth knowledge of web and mobile application security vulnerabilities.
- Familiarity with frameworks and standards such as OWASP, NIST, ISO, and others.
- Hands-on experience with security tools like Burp Suite, OWASP ZAP, Fortify, etc.
- Strong understanding of secure coding practices across various programming languages.
- Excellent analytical and problem-solving skills.
- Strong communication skills, with the ability to present technical information to non-technical stakeholders.
- Experience with cloud security practices for applications hosted in cloud environments.
- Ability to work independently and collaboratively in a remote work environment.
- Certifications such as CISSP, CISM, CEH, or equivalent are preferred.
- Experience with risk management frameworks and methodologies.
- Knowledge of incident response processes and best practices.
- Ability to stay current with new security technologies and evolving security threats.
- Previous experience working with DevOps teams on security integration is a plus.
Skills: threat modeling, secure coding, incident response, OWASP, secure SDL, penetration testing, security tools, cloud security, application security, DevSecOps, secure coding practices, communication skills, NIST, application security assessment, ISO, vulnerability assessment, crate modeling, risk management