Application Security Testing Engineer

ENGINEER

• Job Profile Details: Execute complex Application Security Code Review projects for different types of applications including mobile, web services, web apps and thick-client
• Execute Application Penetration Testing projects as business demands Gain in-depth knowledge and understanding of applications developed in various languages (ie
• Java, ASP
• NET, PHP, React JS, Angular JS, C++, C#, etc)
• Involve in application architecture understanding, vulnerability identification and control analysis Perform likelihood determination, impact analysis and risk determination
• Provide risk prioritization including recommendation and documentation of solutions Identify and infer the business risk posed by the weaknesses identified during the assessments Successfully comprehend complex applications written by others from reading code and application design
• Demonstrate strong communication (verbal and written) with internal and customer stakeholders
• Engage with both business and technical personnel within and outside the organization from a project scope definition, project execution, project closure perspectives Stay current with emerging technologies and industry trends and conduct knowledge sharing sessions to rest of the team members Build knowledge on different risk assessment methodologies and frameworks and how to apply them to diverse applications
• Be open for onsite deployments as business demands
• Skills required: 3+ years of Security Code Review
• Experience Experience with application development 3 years combined experience with J2EE (servlet/JSP) and/or NET (C#/VBNet and ASP
• NET) 2+ years of application security testing experience and security code review experience Knowledge of Design Patterns Experience with relational databases from an application development perspective Ability to handle difficult situations and to provide alternative solutions or workarounds Flexible and creative in helping to find acceptable solutions Good communication and writing skills with ability to talk to both business and technical personnel
• Preferred Skills: Experience with different frameworks (Struts, Spring, MVC,
• NET) and understanding of AJAX and web services Experience in Application Architecture Reviews will be a plus
• Any Cyber Security related certification and Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc
• ) Basic understanding of the following protocols/technologies such as SSL/TLS and Cryptography (symmetric and asymmetric encryption, PKI, etc
• ) Ability to work alone and in collaboration with a team