Senior Application Security Engineer

Security Testing

• Conduct Static Application Security Testing (SAST) and Software Composition Analysis (SCA)
• Perform Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) for deeper analysis of vulnerabilities during runtime
• Execute Mobile Application Security Testing and API Security Testing to safeguard against OWASP Security risks

Vulnerability Management and Threat Mitigation

• Identify, prioritize, and remediate vulnerabilities through Vulnerability Assessments and Penetration Testing (VAPT)
• Identify and mitigate vulnerabilities aligned with the latest OWASP Top 10 risks, including Injection, Broken Access Control, and Insecure Design
• Assess and remediate vulnerabilities by OWASP Application Security Verification Standard (ASVS)

Cloud Security

• Secure cloud environments hosted on AWS and Azure, adhering to CIS Benchmarks and NIST Cybersecurity Framework standards

Compliance and Regulations

• Ensure application and infrastructure compliance with standards such as PCI DSS, HIPAA, and GDPR
• Conduct regular assessments to align with SANS Top 25 Software Errors, NIST SP 800-53, and CIS Controls

DevSecOps Integration

• Embed security practices within the Secure Software Development Lifecycle (SDLC) by automating security checks and remediation
• Collaborate with DevOps teams to integrate security tools and testing into the CI/CD pipelines using Jenkins and Azure DevOps

Required Skills and Qualifications

Technical Proficiency

• Legacy technologies: Java, .NET
• Modern technologies: React, Node.js, Python, PHP, Ruby/Rails, Angular, etc
• CMS experience with Magento-Adobe and Avocode

Cloud Skills

• Expertise with AWS and Azure cloud platforms

Security and Compliance Knowledge

• Strong understanding of OWASP Top 10, OWASP ASVS, PCI DSS, HIPAA, GDPR, CIS Benchmarks, and NIST Cybersecurity Frameworks
• Familiarity with SANS Top 25 Software Errors and their remediation strategies

Security Testing Expertise

• Proficiency in SAST, SCA, DAST, IAST, and penetration testing techniques
• Experience in Threat Modeling to proactively identify and mitigate risks
• Strong knowledge of VAPT, mobile, and API security testing

DevSecOps and SDLC Integration

• Expertise in implementing Secure Software Development Lifecycle (SDLC) practices
• Proficiency in integrating security tools with CI/CD pipelines using Jenkins and Azure DevOps

Soft Skills

• Excellent communication skills to bridge the gap between technical and business teams
• Ability to articulate technical issues to both technical and non-technical audiences