Job
Description
Netsentries Application Security Engineers will perform code-aware security assessments, Threat Modeling, SAST, SCA, Security Engineering reviews, etc., of enterprise Web/Mobile applications on different platforms developed in various programming languages. They will work closely with the Netsentries AppSec and client development teams to remedy the identified vulnerabilities. Core responsibilities include: Perform in-depth static secure code analysis with open source and commercial tools Perform Threat Modeling and in-depth manual secure code reviews Perform security engineering reviews Reverse Engineering App binaries and analyzing the decompiled/disassembled code Prepare advisory for developers of the application on secure coding practices for addressing vulnerabilities identified Experience with assessments based on standards like etc. Collecting evidence to demonstrate the findings Collaborating with client-side application security and development teams Handle enterprise SAST projects involving a variety of programming languages including and not limited to web applications with Java, .NET, etc., Android and iOS mobile applications programming languages Execute code-aware security assessments in adherence with industry standards like OWASP ASVS,OWASP MASVS,OWASP Top10, OWASP Mobile Top 10, SANS 25, PCI-DSS, HIPAA, MITRE-CWE etc. Experience with enterprise SAST projects involving a variety of programming languages including and not limited to web applications with Java, .NET, etc., Android and iOS mobile applications programming languages Skills Required: A degree in computer science or related field and/or equivalent experience in software development. Exposure to industry standard development practices and programming languages would be a plus. Demonstrable understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps. Excellent interpersonal communications skills. Experience with Android / iOS mobile platforms Experience in performing secure code reviews / reviewing results of static analysis tools Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities & Exposures (CVE) and their remediation recommendations Familiarity of vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc. and how to identify, trace and remediate them Understanding of OWASP Top 10 Certifications like OSWE is preferred Experience working with commercial SAST/SCA solutions like Checkmarx,Veracode,Synopsis etc. is an advantage.
