Application Security

Experience: 7+ years

Shift: 1 PM to 10 PM IST

Preferred notice Period: Immediate to 30 days

Skills : Crate Modeling, Secure SDL, DevSecOps & Communication skills

Role Responsibilities:

• Conduct thorough application security assessments to identify vulnerabilities and risks in web and mobile applications.
• Perform penetration testing to evaluate the security posture of applications and recommend remediation strategies.
• Develop and implement secure coding practices and guidelines for application development teams.
• Collaborate with cross-functional teams to integrate security measures throughout the software development lifecycle.
• Conduct threat modeling sessions to identify potential risks and establish security controls.
• Evaluate and implement security tools and technologies to enhance application security.
• Provide security training and awareness programs for developers on best practices in application security.
• Monitor and analyze security events and incidents, providing response strategies as needed.
• Research and stay updated on the latest security vulnerabilities and trends that may impact application security.
• Establish risk management processes to prioritize and mitigate identified vulnerabilities.
• Work with compliance teams to ensure adherence to security standards and regulations.
• Prepare detailed security assessment reports and communicate findings to stakeholders.
• Assist in the development of security policies and procedures related to application security.
• Participate in security audits and assessments to ensure compliance with industry standards.
• Lead remediation efforts for security weaknesses identified during assessments.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Proven experience in application security assessment and penetration testing.
• In-depth knowledge of web and mobile application security vulnerabilities.
• Familiarity with frameworks and standards such as OWASP, NIST, ISO, and others.
• Hands-on experience with security tools like Burp Suite, OWASP ZAP, Fortify, etc.
• Strong understanding of secure coding practices across various programming languages.
• Excellent analytical and problem-solving skills.
• Strong communication skills, with the ability to present technical information to non-technical stakeholders.
• Experience with cloud security practices for applications hosted in cloud environments.
• Ability to work independently and collaboratively in a remote work environment.
• Certifications such as CISSP, CISM, CEH, or equivalent are preferred.
• Experience with risk management frameworks and methodologies.
• Knowledge of incident response processes and best practices.
• Ability to stay current with new security technologies and evolving security threats.
• Previous experience working with DevOps teams on security integration is a plus.