Job
Description
Job Description Security testing consultant Job Title: Application security testing consultant (Assistant Manager) Job Summary We are seeking an engineer with 3-5 yrs of experience and highly motivated senior security testing consultant to join our team in a dynamic industrial environment. The Application Security testing Engineer will be responsible for ensuring the security of our applications throughout the software development lifecycle. This role involves collaborating with development teams to integrate security best practices, conducting security assessments, and implementing measures to protect against threats and vulnerabilities. This role demands a blend of technical expertise, problem-solving skills, and knowledge of industry-specific challenges. Key Responsibilities Conduct security assessments, penetration testing, and code reviews on applications to identify vulnerabilities. Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC). Design and implement security measures, such as encryption, authentication, and intrusion detection systems. Develop and maintain security-related documentation, including policies, procedures, and guidelines. Monitor application security alerts and respond to incidents to mitigate risks promptly. Stay updated with the latest security threats, trends, and technologies to ensure proactive defense strategies. Provide training and support to development teams on secure coding practices. Conduct risk assessments and threat modeling to anticipate potential security issues. Work with cross-functional teams to remediate identified security vulnerabilities. Participate in security audits and compliance activities to meet regulatory requirements. Evaluate and recommend security tools and technologies tailored to industry-specific needs. Manage contracts with security vendors and service providers. Work closely with engineering, production, and IT teams to integrate security into new projects and upgrades. Participate in strategic planning for long-term security infrastructure improvements. Provide input for disaster recovery (DR) and business continuity planning (BCP) strategies Minimum Qualifications Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related fields. Professional Certifications (preferable): Certified Information Systems Security Professional (CISSP) Certified Ethical Hacker (CEH) CompTIA Security+ Certified Information Security Manager (CISM) GIAC Certified Incident Handler (GCIH) Experience: 3-5 years of experience as an Security Engineer or in a similar role., including 3 years in industrial environments such as steel, power, renewable energy, or cement. Strong understanding of application security principles and secure coding practices. Technical Skills: Experience with security tools such as SAST, DAST, and vulnerability scanners. Familiarity with common security frameworks and standards (e.g., OWASP, NIST). Proficiency in at least one programming language (e.g., Java, C#, Python). Knowledge of encryption techniques, PKI, and secure authentication mechanisms. Familiarity with cloud security tools (e.g., AWS, Azure, GCP). Soft Skills: Strong analytical and problem-solving abilities. Excellent communication and interpersonal skills. Ability to work collaboratively across teams and departments. Adaptability to evolving technology landscapes and security challenges.
