Tuesday, February 11, 2020

Hiring for an Application Security Testing role for our client


If interested, please revert with your CV in Word format, along with your current and expected CTC and notice period.
Title: Application Security Testing
Location: Mumbai/Pune
Job Type: Full Time
Experience (in years): 2+

Key Responsibilities:
Reviewing application code against the secure coding baseline and practices
Performing static and dynamic web application security assessments using hands-on techniques for identifying SQL injection, XSS, CSRF, authentication/authorization, and OWASP Top 10 / SANS Top 25 issues
Review code developed in Java, .NET and other leading modern programming languages and technologies
Review of security technologies for secure software development such as cryptography, authentication
Perform internal / external network vulnerability assessment
Perform internal / external network penetration test
Experience in penetration testing tools (Kali Linux, Metasploit, Nmap, etc.)
Experience in managing tools for Vulnerability management
Perform scanning with enterprise-grade vulnerability scanners (Tenable Nessus Professional/Security Center, Qualys, etc.)
Maintaining network inventory.
Drafting of procedure documents and formal reports as required
Creating Network VAPT calendar and adhering to the timelines of the test
Work with the internal teams and provide remediation of the findings of the report
Knowledge of pre-requisites for network security assessments
Monitor computer networks for security issues.
Hunt for hackers, malware and anomalies within the bank environment
Analyze logs from firewalls, network and host intrusion and prevention systems.
Analyze malware and/or spam and/or phishing or any other malicious content
Develop/fine-tune existing solutions with focus on automation and threat intelligence
Guide vendors and teams responsible for remediation actions.
Work with security team to perform tests and uncover network vulnerabilities.
Support in fixing of detected vulnerabilities to maintain a high-security standard.
Stay current on IT security trends and news.
Develop company-wide best practices for IT security.
Technical Experience:
Hands-on experience with web application vulnerability scanners such as Acunetix, Burp Suite Pro, etc.
Knowledge of testing of Android & iOS mobile applications using static and dynamic testing tools (Santoku, Burp Mobile Assistant, apktool, etc.)
Performing jailbreaking & rooting of Android & iOS devices for the assessment
Running SAST & DAST scans, analyzing tool results, performing SAST & DAST, manual code review, remediation support, and review of open source components.
Should have performed penetration testing individually for a large infrastructure.
Experience in testing of financial applications, and well versed in the processes and procedures of the banking sector.
Experience with computer network penetration testing and techniques.
Experience with web and mobile application penetration testing
Experience with API and thick client security testing
Secure code review of applications
Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
Understanding of patch management with the ability to recommend patches in a timely manner while understanding business impact.
Should have performed Red Teaming
Qualification:
Graduate/Post-Graduate in Computers
3+ years of experience in multiple Application Security Testing projects, including a number of years of experience in network security

If interested, please revert with your CV in Word format, along with your current and expected CTC and notice period, to kgarg@slicec.com
