• Expert in Static Application Security Testing (SAST, source code review), Software Composition Analysis (SCA) and Dynamic Application Security Testing (DAST) – Web, Mobile, API, etc.
• Implementation and configuration expertise for Application Security Testing tools in a CI/CD environment
• Experienced in DevSecOps, including building security gates / threshold levels for build pass/fail and integration in CI/CD
• Experienced in a variety of commercial and open-source Application Security Testing tools
• Preparing Application Security Framework based on OWASP, NIST 800-53, CSF
• Good knowledge of Application Threat Modeling, Application Architecture Design review
• Vulnerability Assessment and Penetration Testing (VAPT), Fuzz Testing at the application level
• Container Security implementation / good knowledge
• Demonstrated experience leading Security Design Reviews and/or Architecture Risk Analysis
• Secure SDLC best practices practitioner with implementation experience
• Security Training to Developers
• Remediation Advisory knowledge
• Risk Scoring of Applications
• Deep knowledge of Programming Languages
• Ability to collaborate and communicate with other teams.
• Ability to build DevSecOps Maturity Model (DSOMM)
• A Bachelor's or Master's degree in Technology is a must. English proficiency in both reading and writing is a must
• Security Testing Tools – Fortify (SCA, WebInspect, SSC), Checkmarx, Burp Suite, Rapid7, Acunetix, Qualys, Nessus, Veracode, AppScan, open-source tools, etc.
• Experienced in and good knowledge of DevOps tools / technologies such as Jenkins, Azure DevOps, Ansible, Chef, Docker, etc., containers, bug tracking tools, ticketing systems, etc.
Desirable: Certified DevSecOps Professional certification, OSCP
Compulsory: Certified Ethical Hacker (CEH), B.Tech
• Good Communication skills
• Managing projects and schedules.
• Mentoring application security testers, providing guidance in testing techniques, and assisting in the development of exploits for complex vulnerabilities.
• Improving testing techniques and methodology via original research, custom tool development, defining new testing standards, and aligning testing procedures with various industry standards (OWASP Top 10, etc.).