Senior Security Specialist APPSEC

Role Overview: You should have 5-7 years of relevant experience in Security Testing, Team Management, and Project Management. Your role will involve having a good knowledge of network & application security vulnerabilities. You will be required to possess in-depth knowledge and experience with OWASP, SANS, CERT, WASC standards/frameworks for security testing and security code reviews, as well as OSSTMM for network penetration testing. Experience in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), manual and automation penetration testing tools and techniques is essential. You should be familiar with tools like BurpSuite, ZAP, Veracode, Fortify, WebInspect, NMap, etc. Additionally, you will be expected to perform threat modeling, identify attack vectors, and have familiarity with STRIDE and DREAD concepts. Handling tasks/activities with competing priorities, working independently, guiding a team, managing multiple customers from different industry verticals simultaneously, and resolving team challenges and conflicts will also be part of your responsibilities. Strong verbal and written communication skills are required to effectively communicate with both business and technical teams. Having Security certifications such as OSCP, CEH, ECSA, GPEN would be an added advantage. Qualifications Required: - 5-7 years of relevant experience in Security Testing, Team Management, and Project Management - Good knowledge of network & application security vulnerabilities - In-depth knowledge and experience with OWASP, SANS, CERT, WASC standards/frameworks for security testing and security code reviews, as well as OSSTMM for network penetration testing - Experience in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), manual and automation penetration testing tools and techniques - Experience in using tools like BurpSuite, ZAP, Veracode, Fortify, WebInspect, NMap, etc. - Experience in performing threat modeling and identifying attack vectors, familiarity with STRIDE and DREAD concepts - Ability to handle tasks/activities with competing priorities, work independently, guide a team, manage multiple customers from different industry verticals simultaneously, and resolve team challenges and conflicts - Good verbal and written communication skills to communicate with both business and technical teams - Security certifications such as OSCP, CEH, ECSA, GPEN would be an added advantage,