Posted: 3 months ago
Work from Office
Full Time
1. Good understanding of the OWASP Top 10 vulnerabilities
2. Burp scanning procedures
3. Penetration testing skills
4. In-depth understanding of the relationship between risk severity and probability
5. Ability to describe specific steps or a methodology for remediating identified risks
6. Vulnerability identification and remediation
7. Risk frameworks
8. Mitigation and remediation strategies
9. Concepts of SAST, DAST, DevSecOps (optional)

Responsibilities and Day-to-Day View

• Execute vulnerability assessments of applications via automated and manual techniques to understand the risk and security posture of the applications in pre-prod and prod environments.
• Perform security analysis and identify new engineering standards that improve security posture for cloud, on-prem, and/or mobile applications based on modern HTTP-based web applications and microservices. Analyze HTTP request/response data and share knowledge with technology teams to find root causes and hardening opportunities.
• Conduct, lead and hand off incident response activities (triage, communications, containment, root cause analysis, remediation).
• Assess, triage and prioritize security detections from logs and monitoring alerts for suspicious or anomalous activity, including bot traffic.
• Review application design, architecture and configuration from a security standpoint and provide recommendations based on security best practices.
• Research, design, and develop solutions meeting internal and external compliance, security requirements and standards for Site Security & Reliability Engineering.
• Drive defense-in-depth security for the organization to protect critical IT assets and data.
• Understand cryptography and encryption of data stored and transmitted.
• Log, monitor, and respond to detected incidents.
• Serve as the voice of the customer to the development and system support teams in implementing new features or resolving security issues that exist in technology implementations.
Required Qualifications

• Ability to conduct creative and in-depth manual security testing (ethical hacking).
• Identifies critical security gaps and drives them to resolution within required timelines.
• Ability to write and develop security and infrastructure security standards and requirements.
• Ability to use automated scans to identify security vulnerabilities and configuration gaps.
• Exceptional ability to communicate and drive progress on compliance by influencing action owners and tracking progress with reports, dashboards and other tracking mechanisms.
• Ability to program and automate communications and notifications to action owners.
• At least 2-4 years' experience working in Azure cloud, information security, PCI and SOC compliance.
• Perform security analysis of cloud configurations.
• Experience in Application Security Testing, using automated SAST scanners (Veracode preferred), DAST scanners (AppScan Enterprise preferred) and pen testing tools like Burp Suite.
• Familiarity with investigative technologies such as log analysis and HTTP debugging tools.
• Familiarity with tools such as Splunk, EFK, Dynatrace, QuantumMetric, and any Web Application Firewall (WAF).

Mandatory Skill (Must Have): Application security & testing
Good to have: SAST + DAST
Tech Mahindra