Senior Security Analyst
(4+ years exp)
R360
The Role
Responsibilities:
Good understanding of web application architecture and Secure development life cycle(SDLC).
Mature and help implement Threat Modelling capability with SDLC and Application development efforts.
Partner with DevOps team to evaluate, integrate and onboard security tools such as SAST, DAST, open source scanning into the DevSecOps life cycle through pipeline.
Threat modelling for the significant changes on the applications to ensure Secure by Design approach is followed
Remediation support on the VA, PT report generated with guidance to developers on fixing the issues
Creating awareness and advocating security best practices on the context of application technology
Conduct Manual Penetration testing for Mobile, API and Web applications.
Exploit security flaws and vulnerabilities with attack simulations on multiple applications in Android and IOS platform.
Develop PoC/exploits for vulnerabilities identified.
Provide remediation guidance to identified vulnerabilities.
Solve complex vulnerabilities such as business logic flaws and articulate to both technical and non-technical partners.
Automate penetration and other security testing on networks, systems and applications
Produce actionable, threat-based, reports on security testing results
Build and maintain relationships with key stakeholders and business partners
Understanding of cloud security controls in AWS and/or Azure
Requirements:
The candidate should have 4 to 8 years of experience in web application and mobile application security vulnerability assessment and penetration testing.
Experience with Amazon Web Services and related technologies (EC2, IAM, KMS, S3, VPC, Lambda, etc.)
Good knowledge on PCI-DSS, SOX, GDPR, ISO, FISMA, etc.
Good to have CEH or OSCP certification.
Experience in Threat Modelling.
Understanding in Network security assessments.
Understanding of DevSecOps integrations.
Understanding in Security Architecture Review.
More about R360
Similar Jobs
