About the job
Description

Perform security penetration testing and vulnerability assessment for web and microservices applications.


Able to identify prerequisites of the test environment, plan, and prioritize vulnerabilities based on application architecture and functionality
Able to identify combinations of different vulnerabilities while executing test scenarios/test cases
Good knowledge of automation to be used for security testing
Strong understanding of cloud security practices in environments like AWS, Azure, or GCP
Proven experience in identifying and exploiting business logic and framework-related vulnerabilities
Vast experience in removing false positives and analyzing dynamic scan reports from WebInspect and ZAP
Knowledge of Secure SDLC and security standards such as OWASP and CWE
Provide expert advice and recommendations to the application development team
Extensive experience in addressing web and API application security issues
Strong knowledge of application security throughout the SDLC
Penetration testing skills, including the use of security assessment and hacker tools, e.g. ZAP, ZAP Docker, Qualys SSL Labs, SSLyze, Metasploit, etc.
Strong knowledge of the OWASP Top 10 vulnerability standards
Strong experience in cloud technologies, especially Azure
Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security



Education

Any Graduate