Experience with scripting languages (e.g., Python, Perl, PHP, Ruby) and a programming language (e.g., Java, Objective-C).
Understanding of AWS services (EC2, S3, KMS, RDS) and security best practices; ability to explain basic networking concepts (routing, ACLs, load balancers, SSL/TLS, TCP).
Background in web application development and/or code auditing; strong verbal and written communication skills.
Knowledge of SAST/DAST/IAST/SCA and their use in development pipelines; familiarity with OWASP Top 10 and CWE Top 25.
Requirements:
Review code and security scan results to identify vulnerabilities and provide remediation guidance to development teams.
Act as an advisory development lead with a security mindset; collaborate with the development lead to remediate vulnerabilities; no hands-on coding involved.
Run scans and work with development leads to fix vulnerabilities to prevent recurrence.
Apply SAST/DAST/IAST/SCA concepts and OWASP Top 10 / CWE Top 25 guidance to secure software development and remediation.
Experience with a scripting language (e.g. Perl, Python, PHP, Ruby) and a programming language (e.g. Java, Objective-C).
General understanding of AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services.
Ability to explain basic networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback.
Background in web application development and/or code auditing strongly preferred.
Strong verbal and written communication skills.
Review application security scan results and provide secure-practices guidance to development teams on software security defects, assisting them with remediation.
Strong analytical, documentation, and communication skills.
Experience with the identification and remediation guidance of software security defects.
Understanding of SAST, DAST, SCA (third-party open-source vulnerabilities), IAST, and their use in development pipelines.
Strong knowledge of the OWASP Top 10 and CWE Top 25 vulnerabilities (such as XXE, XSS, SQLi, etc.).
Call Notes:
Look at the code, find where the vulnerabilities are, and help the development teams to remediate them.
Advisory role with hands-on experience added to that; kind of a development lead with a security mindset.
No hands-on coding involved.
Run the scan; once a vulnerability is found, the expectation is to work with that development lead to fix that vulnerability, work with them hand in hand in remediating it, and ensure it will not repeat again.
Development background (Java or Python, NodeJS) is required.
Earlier candidates had theoretical knowledge but did not have the required hands-on experience, and we don't have the bandwidth for training.