Application Security

Role: Application Security

  • Skills: AppSec | Location: TBD | Designation: Consultant / Lead Consultant | Band: E3

    Responsibilities:

  • Support asset development and process establishment.
  • Conducting application security assessments (web, mobile, web service, infra, etc.), Threat Modelling, Security Architecture Review and PCI-DSS Assessment. These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as IBM AppScan/HP Fortify or CMx. We expect candidates to have experience doing similar assessments; candidates can be trained on any proprietary assessment methodology.
  • Reporting/Dashboarding/Retesting and participation in conference calls with clients to review assessment results and consult with the clients on remediation options.
  • Participating in/driving conference calls with potential clients to scope out newly requested security projects and estimate the effort and resource requirements to complete the project, etc.
    Skills Required:

    Mandatory:

  • 8-10 years of strong Application Security experience in S-SDLC Threat Modeling, Code Review, Vulnerability Assessment, Penetration Testing, Security Architecture Review, Web Service/API security testing, Firmware Assessment.
  • Expert in Application Security process establishment.
  • Thorough exposure to DevSecOps implementation/integration.
  • Deep hands-on experience in Mobile application Security (Android/iOS): reverse engineering, memory analysis, etc.
  • Security tool experience: IBM AppScan/CMx/Fortify/Nessus/Metasploit, Web Proxy.
  • Good exposure to penetration testing. Good to have one of the given certifications - OSCP/GPEN/GWAPT/CSSLP etc.
  • Independent global client handling and AppSec delivery exposure: >= 3 years.
  • Moderate exposure to AppSec technical solutioning, estimation and RFP/RFI response, client presentation.
  • Excellent interpersonal skills.