About The Company
Infocus Technologies Pvt. Ltd., headquartered in Kolkata, is a leading consulting firm specializing in SAP, ERP, and cloud consulting services. As an ISO 9001 :2015 DNV-certified, CMMI Level 3 accredited organization and a Gold SAP Partner in Eastern India, Infocus delivers scalable digital transformation through SAP implementation, version upgrades, enterprise application integration (EAI), and AWS cloud migration services.
Role Overview
We are looking for a skilled Application Security Analyst to join our growing cybersecurity team. The ideal candidate will have deep technical expertise in application security, secure SDLC practices, vulnerability assessment, risk mitigation, and governance frameworks. You will play a key role in ensuring security is embedded across the software development lifecycle and protecting applications from evolving cyber threats.
Key Responsibilities
Application Security & Secure SDLC :
- Integrate application security best practices into the Software Development Life Cycle (SDLC).
- Conduct security reviews and threat modeling for new and existing applications.
- Collaborate with development teams to ensure secure coding practices are adopted.
- Review architectural and design documents from a security standpoint and suggest improvements.
Vulnerability Assessment & Management
- Perform dynamic (DAST), static (SAST), and software composition analysis (SCA) using tools such as Fortify, Veracode, Checkmarx, or similar platforms.
- Identify, analyze, and triage vulnerabilities; work closely with developers and stakeholders to prioritize and remediate findings.
- Maintain and enhance vulnerability management processes, including patch management tracking and reporting.
Security Governance & Compliance
- Ensure application compliance with internal security policies, industry standards (OWASP, NIST, ISO 27001), and regulatory frameworks (e.g., GDPR, PCI-DSS).
- Participate in risk assessments, internal and external audits, and regulatory inspections.
- Generate technical documentation, risk assessments, and compliance reports as needed.
Security Tooling & Automation
- Support the integration of security tools into CI/CD pipelines (DevSecOps).
- Recommend and implement automation solutions to streamline security processes.
Incident Response & Monitoring
- Support application-level incident investigations and assist in root cause analysis.
- Work with the SOC team to monitor application logs and security events for anomalous behavior.
Collaboration & Training
- Act as a security advisor to development and product teams.
- Conduct training and awareness sessions for developers and product owners on secure coding, threat modeling, and vulnerability handling.
Required Skills & Qualifications
- Bachelors degree in Computer Science, Information Security, or related field.
- 4 5 years of experience in application security, vulnerability assessment, and secure software design.
- Strong understanding of OWASP Top 10, CWE/SANS Top 25, threat modeling, and attack vectors.
- Hands-on experience with security testing tools (e.g., Burp Suite, ZAP, Fortify, SonarQube, Veracode).
- Familiarity with DevSecOps tools and CI/CD pipeline integrations (e.g., Jenkins, GitLab, Azure DevOps).
- Working knowledge of cloud application security (AWS, Azure) is a plus.
- Proficient in scripting (Python, PowerShell, Bash) for automation of security tasks.
- Experience in audit support, compliance reporting, and governance documentation.
(ref:hirist.tech)
