Job
Description
Job Title: Lead Application Security/ Sr. Lead Application Security Experience Required: 4-8 years. Job Summary: Seeking for a highly skilled and experienced Application Security Specialist who will play a crucial role in ensuring the security and resilience of our organisations systems, networks, and infrastructure. He will be collaborating closely with development and operations teams to integrate security practices throughout the software development lifecycle. The role will involve identifying vulnerabilities, defining and implementing secure coding practices, conducting security assessments, performing day to day WAF & BOT operations and ensuring compliance with industry standards and regulations. Required Skills: The candidate should have minimum experience of 5 years in vulnerability assessment & penetration testing (VAPT) and WAF solutions. Mandatory: Proven experience in application security, with a focus on web and mobile applications. Proficiency in wide range of security tools and frameworks, such as Metasploit, Burp Suite, Nmap, Wireshark, Kali Linux, PowerShell Empire, Cobalt Strike, and others. Awareness of current cyber threats, attack trends, and threat actor tactics, techniques, and procedures. Familiarity with industry standards (e.g., OWASP Top 10, CWE) and regulatory requirements (e.g., GDPR, PCI-DSS). Experience in managing and optimizing WAF and BOT management systems. (e.g. Akamai, Cloudflare, Imperva etc.) Excellent communication and collaboration skills. Good to have: Experience with cloud security, container security and DevSecOps practices is desirable. Evaluate and implement WAF & BOT management solutions to detect, mitigate, and respond to bot activities. Experience in scripting and automation for WAF & BOT rule deployment and management (e.g., Python, PowerShell). Certification: Mandatory: Certifications such as Certified Red Team Operator (CRT), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or GIAC Penetration Tester (GPEN) are highly desirable. Good to have: Certifications such as CREST Practitioner Security Analyst (CPSA), Certified Expert Penetration Tester (CEPT) etc. Qualifications: 1. Bachelors degree in Computer Science, Information Security, or related field (or equivalent experience). 2. Strong understanding of networking protocols, operating systems, and security technologies. 3. Excellent analytical and problem-solving skills. 4. Proficient in at least one scripting language. Responsibilities: 1. Define and implement secure coding standards and practices. 2. Conduct security assessments, code reviews, and penetration testing. 3. Collaborate with development and operations teams to integrate security into the SDLC. 4. Identify and prioritize application security risks and vulnerabilities. 5. Design and implement security controls and solutions to mitigate risks. 6. Stay updated with emerging threats and industry best practices. 7. Drive compliance with relevant security standards and regulations. 8. Respond to and mitigate security incidents under WAF & BOT operations. 9. Contribute to security awareness and training programs.
