Security Analyst

Tittle: Application Security Analyst

POSITION SUMMARY

PRINCIPLE JOB RESPONSIBILITIES:

• Web application security Testing and Assessments.
• Identify SQL injections, XSS, CSRF, authentication, OWASP top 10 issues security technologies for secure software development such as cryptography, authentication techniques and protocols etc.
• Maintain expertise in both commercial and opensource tools such as Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP, experience in BEEF, MetaSploit and other exploitation framework.
• Reproduce the external pentest issues use case and report the identified vulnerability.
• Review external pentest reports and work with the application security analysist to reproduce the use cases.
• Work on the ad-hoc scanning and reporting analysis for SCA/VM/SAST.
• Analyse and report the vulnerabilities from the scan results of DAST, SAST, SCA and vulnerability management tools.
• Contribute on the Bill of Material (BOM) monitoring and work.
• Collaborate with AppSec Lead on the License approval/requests process.
• Work on the activity alerts related to Zero Day and End of Life (EOL) vulnerability.
• Contribute to the investigation and action on SIEM (Security Incident & Event Management) alerts.
• Assist in the investigation of zero-day vulnerability and provide relevant data for further processing.
• Automate security testing tasks.
• Assisting with the growth and process improvement ideas for the department. 
• Participate in on-call support rotation for afterhours support coverage as needed.
• Other duties as defined.

Requirements:

• Bachelors degree in information technology or computer Science
• Expertise in identifying and exploiting business logic and framework related vulnerabilities.
• Extensive experience in removing false positives, analysing dynamic scan web inspect, appscan reports.
• Knowledge of Secure SDLC (Secure Software Development Life Cycle) and Security standards like OWASP, CWE, NIST, OSSTMM.
• 5+ years of relevant experience
• Working understanding of Agile Development processes
• Good written and verbal communication skills
• Good troubleshooting skills
• Excellent teaching, problem-solving, communication, and interpersonal skills.