Security
Job Category : Security Engineer
Travel Required : No
Working Hours : Regular
Experience/Salary Range : 3 to 6 Years
Job Description
RESPONSIBILITIES
- OWASP – A thorough understanding of OWASP top 10 web application security risks & hands-on experience in identifying & analyzing these risks/vulnerabilities through dynamic security test tools
- Threat Modelling – Threat Playbook/ThreatSpec/Microsoft Threat Modelling Tool
- Application/Code Scanning
- Static Code Analysis – SonarQube / Bandit
- Dynamic Security Analysis – Burp Suite / OWASP ZAP
- Web Application Firewall – ModSecurity / Cloudflare
- Vulnerability Assessment & Management Tool – Archery Security Tool / JackHammer / DefectDojo
- Pre-Commit Hooks – Talisman / GitSecret / TruffleHog / Git Hound
- Software Composition Analysis – OWASP Dependency Check / RetireJS
- Artifacts Management – Jfrog Artifactory / Nexus
- Infrastructure Scanning – OpenVAS / Anchore / DockScan
TECHNICAL SKILLS (GOOD TO HAVE)
- CEH (Certified Ethical Hacker)
- CISSP (Certified Information Systems Security Professional)
QUALIFICATIONS
- Solid history of designing, developing, or customizing application authentication and authorization systems.
- Understanding of the OWASP Top 10 application security risks and how to address them.
- Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
- Strong working knowledge of enterprise software technologies, application security, and infrastructure.
- Working knowledge of Microsoft Azure or other cloud computing platform offerings and security related services.
- Hands on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages.
- Core understanding of web application security scanning software and related penetration testing tools.
- General knowledge of core security networking concepts such as TLS, SSH, DNS, firewalls, etc.
- Solid understanding of cloud architecture as well as on premise IT landscape.
- General understanding of regulatory compliance and how it relates to application security and privacy.
- Applicable certification strongly preferred (e.g., etc.) or obtained within 6 months of employment.
- Strong communication skills, both written and verbal.
- Good presentation skills.
- Ability to articulate technically advanced issues to all audiences.
- Highly seasoned in organizational, time management, decision-making and problem-solving skills.
- Ability to mentor and train internal and client teams.
- Ability to work under pressure, establish priorities and respond with urgency.