Associate - Source Code

We are looking for experienced members with:

*strong analytical and problem-solving abilities

*willingness and to learn new technologies and adapt to changing project requirements

*ability to prioritize tasks and manage time effectively to meet deadlines

*good verbal and written communication skills

*ability to work collaboratively in a team setting

Years of experience required

5-7 Years

Job Position

Associate/Senior Associate

Job Location

Bangalore/Gurgaon/Kolkata

Responsibilities

1. Review application source code based on the industry standard security frameworks and organization's internal security policy.

2. Running the source code scan and analyzing the results derived from the SAST platform.

3. Coordinate with application development teams to ensure identified gaps are fixed in proper time.

4. Work with the application development team to eliminate false positives, to clarify compensating security controls.

5. Closely work with issue management team to ensure proper remediation plans are in places with well documented records.

6. Collaborate with senior developers and architects to ensure security best practices and secured design patterns are followed.

7. Work closely with other team members, including project leads, regional leads and territory security leadership team.

8. Provide regular updates on progress and issues to project managers and stakeholders

Skill sets

1. Strong knowledge of secure coding practices and common security vulnerabilities (e.g., OWASP Top 10).

2. Strong knowledge of Industry standard SAST tools (e.g. Veracode, Fortify on Demand).

3. Strong knowledge of Industry standard SCA tools (e.g. Blackduck).

4. Strong knowledge in manual and tool-based code review process, focusing on OWASP methodology.

5. Strong Knowledge of security vulnerability identification and remediation methodologies.

6. Familiarity with industry standard security frameworks and policies.

7. Strong knowledge of DevSecOps practices and integration of security within CI/CD pipelines.

Certifications/Credentials (Optional)

CEH, CISM, CCSK

Education qualification

BTech/BE/MTech from reputed institution/university as per the hiring norms