Location: Bangalore, KA, India
Job ID: 1003003
The Security Operations team is responsible for ensuring that the confidentiality, integrity and availability of the organization are always protected. In this role, the individual is expected to define the policies, standards and procedures for the protection of data. As an Application Security & Threat Modeling specialist, you will be a key advisor helping the in-house development team design and implement application security best practices. You will apply your technical skills to find ways to improve application security by performing thorough security testing, and work with stakeholders to get the issues resolved. This role will also support periodic compliance activities on the applications, where application risk assessment is required for SOX and other standards.
This position requires:
• Participate in and support application security reviews and threat modeling, including static code review and dynamic testing.
• Own and perform the application security vulnerability management & application penetration testing program
• Track the identified issues in applications to closure
• Own the implementation and fine-tuning of the WAF (Web Application Firewall)
• Expert level of proficiency with application security scanning tools and foundational concepts of secure development principles
• Assist in securing the various APIs used by applications, including performing AppSec testing on them
• Support and consult with product and development teams in application security
• Assist in the creation of the application security program
• Assist in development of automated security testing to validate that secure coding best practices are being used
• Familiarity with common security libraries, security controls, and common security flaws
• Basic development or scripting experience and skills.
• Experience with OWASP, static/dynamic analysis, and common security tools
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP and HTTPS).
• Experience working with developers.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• 7-9 years of progressive experience in one or more of the following: Application security, Threat Modeling, code reviews, exposure to the entire SDLC process
• Bachelor's degree from an accredited college / university. Management degrees MS, M.Tech or MBA in a relevant field would be an added advantage.
• Preferred Certifications
o Certified Application Security Engineer (CASE)
o Certified Application Security Specialist (CASS)
o GIAC Certified Web Application Defender (GWEB)
o GIAC Web Application Penetration Tester (GWAPT)
• Having a background in or exposure to a Bug Bounty program will be desirable
• Having a CVE ID to your name would be an added advantage
• Experience in working on Web Application Firewall rules
Work Schedule: 2 PM to 11 PM / 5 PM to 2 AM