Application Security Analyst

3 years

0 Lacs

Posted: 1 month ago | Platform: Glassdoor

Work Mode

On-site

Job Type

Full Time

Job Description

JD:

1. Security Assessment and Testing:
- Oversee the assessment and testing of applications for security vulnerabilities throughout the software development lifecycle (SDLC).
- Conduct or coordinate security reviews, code reviews, and penetration testing to identify and remediate security weaknesses.
- Collaborate with development teams to integrate security testing tools and processes into their workflows.

2. Security Awareness and Training:
- Promote awareness of application security risks and best practices among development teams, stakeholders, and other relevant parties.
- Deliver or facilitate training sessions and workshops on secure coding practices, vulnerability management, and related topics.
- Foster a culture of security consciousness and accountability across the organization.

3. Compliance and Regulatory Compliance:
- Ensure that applications comply with relevant security standards, regulations, and industry certifications (e.g., OWASP, PCI DSS, GDPR).
- Collaborate with compliance teams to assess and address security requirements imposed by regulatory bodies or contractual obligations.

4. Vendor and Third-Party Risk Management:
- Assess the security posture of third-party applications, libraries, and services used within the organization's environment.
- Establish and maintain processes for evaluating and managing the security risks associated with third-party software components.

5. Continuous Improvement and Innovation:
- Monitor industry trends, emerging threats, and evolving security technologies to continuously improve the effectiveness of application security practices.
- Identify opportunities for innovation and automation to streamline security processes and enhance the efficiency of security operations.

Skills:

1. Prior work experience in application security is mandatory.
2. Should have solid experience in penetration testing.
3. Candidates should be familiar with Azure WAF.
4. Candidates must have excellent verbal and written communication skills.
5. Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
6. Familiarity with a variety of development and testing tools.
7. Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience and discuss effective defensive techniques.
8. Familiarity with industry standards and regulations including PCI, FFIEC, SOX, and ISO27001 is desired.
9. Linux; experienced in tools like Snyk, Tenable WAS, Invicti, Burp Suite, Postman, Kali.
10. Experience in conducting threat modelling using STRIDE, PASTA, etc.

Job Types: Full-time, Permanent

Benefits:
- Health insurance
- Paid time off
- Provident Fund

Schedule: Day shift

Experience:
- Security Analyst: 3 years (Required)
- SDLC: 3 years (Required)
- Azure: 2 years (Required)

Work Location: In person
