Role: Application Security
Skills: AppSec | Location: TBD | Designation: Consultant / Lead Consultant | Band: E3
- Support asset development and process establishment.
- Conducting application security assessments (web, mobile, web service, infra, etc.), Threat Modelling, Security Architecture Review and PCI-DSS Assessment. These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as IBM AppScan/HP Fortify or CMx. We expect the candidate to have experience doing similar assessments; the candidate can be trained on any proprietary assessment methodology.
- Reporting/Dashboarding/Retesting and participation in conference calls with clients to review assessment results and consult with the clients on remediation options.
- Participating in/driving conference calls with potential clients to scope out newly requested security projects and estimate the effort and resource requirements to complete the project, etc.
- 8-10 years of strong Application Security experience in S-SDLC Threat Modeling, Code Review, Vulnerability Assessment, Penetration Testing, Security Architecture Review, Web Service/API security testing, Firmware Assessment.
- Expert in Application Security process establishment.
- Thorough exposure to DevSecOps implementation/integration.
- Deep hands-on experience in mobile application security (Android/iOS): reverse engineering, memory analysis, etc.
- Security tool experience: IBM AppScan/CMx/Fortify/Nessus/Metasploit, Web Proxy
- Good exposure to penetration testing. Good to have one of the given certifications: OSCP/GPEN/GWAPT/CSSLP, etc.
- Independent global client-handling and AppSec delivery exposure (>=3 years).
- Moderate exposure to AppSec technical solutioning, estimation, RFP/RFI response, and client presentations.
- Excellent interpersonal skills.