Application Security Testing Engineer(Code Review)

• Involve in application architecture understanding, vulnerability identification and control analysis.
• Perform likelihood determination, impact analysis, and risk determination.
• Provide risk prioritization including recommendation and documentation of solutions.
• Identify and infer the business risk posed by the weaknesses identified during the assessments.
• Successfully comprehend complex applications written by others from reading code and application design.
• Demonstrate strong communication (verbal and written) with internal and customer stakeholders.
• Engage with both business and technical personnel within and outside the organization from a project scope definition, project execution, project closure perspectives.
• Stay current with emerging technologies and industry trends and conduct knowledge sharing sessions to rest of the team members.
• Build knowledge on different risk assessment methodologies and frameworks and how to apply them to diverse applications.
• Be open for onsite deployments as business demands.

Skills required:

• 3+ years of Security Code Review Experience.
• Experience with application development.
• 3 years combined experience with J2EE (servlet/JSP) and/or .NET (C#/VB.Net and ASP.NET).
• 2+ years of application security testing experience and security code review experience.
• Knowledge of Design Patterns.
• Experience with relational databases from an application development perspective.
• Ability to handle difficult situations and to provide alternative solutions or workarounds.
• Flexible and creative in helping to find acceptable solutions.
• Good communication and writing skills with ability to talk to both business and technical personnel.

Preferred Skills:

• Experience with different frameworks (Struts, Spring, MVC, .NET) and understanding of AJAX and web services.
• Experience in Application Architecture Reviews will be a plus.
• Any CyberSecurity related certification and Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.).
• Basic understanding of the following protocols/technologies such as SSL/TLS and Cryptography (symmetric and asymmetric encryption, PKI, etc.).
• Ability to work alone and in collaboration with a team.