Software Composition Analysis: 1-3 years of experience (Penetration Testing Background)- Mumbai

Overview:

Work Experience:

Job Location:

What You Will Do:

• Component Security Analysis:

   Use SCA tools to scan software codebases including both in-house and third-party/open-source components for vulnerabilities and security risks.

• Vulnerability Assessment:

   Analyse scan results to determine the severity and urgency of each issue and prioritize fixes.

• License Compliance:

   Check all software components for compliance with licensing agreements. Advise teams on licensing implications to avoid legal risks.

• SBOM Management:

   Maintain an accurate Software Bill of Materials (SBOM), tracking all components, versions, and dependencies.

• Collaboration:

   Work closely with developers to communicate findings, suggest secure alternatives, and assist with remediation.

• Remediation Tracking:

   Follow up to ensure vulnerabilities are fixed and verify resolutions with follow-up scans.

• Reporting & Documentation:

   Document all findings, actions, and compliance status. Prepare clear reports for both technical and non-technical stakeholders.

• Continuous Learning:

   Stay current with the latest trends in software security, open-source risks, and regulatory requirements.

• Training & Improvement:

   Participate in security meetings and training sessions. Help improve SCA processes and tools based on industry best practices.

• Cross-Functional Coordination:

   Partner with compliance and legal teams to ensure all software meets regulatory and legal standards.

Key Skills We’re Looking For

• Analytical Skills:

   Strong ability to analyse, prioritize, and solve complex security issues.

• SCA Tools:

   Hands-on experience with software composition analysis tools and methodologies.

• DevSecOps:

   Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.

• Compliance Knowledge:

   Understanding of regulatory standards such as GDPR, PCI DSS, and others relevant to software development.

• Open-Source Awareness:

   Basic knowledge of open-source software, including licensing and compliance considerations.

• Communication:

   Excellent ability to explain technical issues and collaborate with developers, security, and legal teams.

• Organization:

   Capable of managing multiple tasks and adapting to a fast-paced environment.

Required Qualifications

• Education:

   Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.

• Experience:

   1–3 years in software development, application security, or a closely related area.

• Certification:

   Certified Ethical Hacker (CEH) certification is required.

Join our team and contribute to building secure and compliant software solutions through 

effective Software Composition Analysis!