Senior Application Security Specialist

About the Company

Resources is the backbone of Publicis Groupe, the world’s third-largest communications group. Formed in 1998 as a small team to service a few Publicis Groupe firms, Re:Sources has grown to 5,000+ people servicing a global network of prestigious advertising, public relations, media, healthcare, and digital marketing agencies. We provide technology solutions and business services including finance, accounting, legal, benefits, procurement, tax, real estate, treasury, and risk management to help Publicis Groupe agencies do their best: create and innovate for their clients.

In addition to providing essential, everyday services to our agencies, Re:Sources develops and implements platforms, applications, and tools to enhance productivity, encourage collaboration, and enable professional and personal development. We continually transform to keep pace with our ever-changing communications industry and thrive on a spirit of innovation felt around the globe. With our support, Publicis Groupe agencies continue to create and deliver award-winning campaigns for their clients.

Responsibilities

• Conduct detailed penetration tests on web, mobile, thick clients, cloud native apps, APIs, and network using automated tools and manual testing techniques.
• Classify and prioritize vulnerabilities based on risk and impact and provide detailed reports and documentation of findings, including proof of concept for identified vulnerabilities.
• Perform secure review of application code for security weaknesses and recommend security improvements based on best practices and industry standards (e.g., OWASP Top 10, SANS Top 25).
• Work closely with development teams to understand application functionalities and potential security risks and assisting developers in understanding vulnerabilities and implementing secure coding practices.
• Stay up-to-date with the latest security threats, trends, and technologies.
• Contribute to the development and enhancement of internal security testing tools and methodologies, review of internal SOP, process or procedural documentations.
• Active participation in exploring and evaluating new technologies and tools in the industry.
• Assist project team in guiding for the security best practices.
• Mentor dev and QA community through driving security sessions, creating contents, articles, materials.

Required Skills

• Bachelor’s degree within a science or related discipline.
• 4 + years of relevant experience in vulnerability and penetration testing.
• Good understanding of OWASP Top 10, SANS Top 25, OSSTMM, PTES, NIST standards.
• Expertise and practical hands-on top industry Application Security testing tools like HCL AppScan, Checkmarx, Veracode, Burp Suite.
• Having certifications like OSCP, OSWE, CEH are a plus.
• Good conceptual knowledge and practical hands-on on SAST, DAST, IAST, SCA and other type of testing relevant in software development.
• Must have strong foundation of how application works and developed.
• Must have strong knowledge of security principles for secure software development such as cryptography, authentication techniques, protocols etc.
• Having experience in DevSecOps, practical implementation of integrating security in SDLC is a plus.
• Practical knowledge of any programming and scripting languages (e.g., Python, JavaScript, Java).
• Mandatory language skills (oral, written and listening): English.