TEM-Application Security-Senior-CBE

Your key responsibilities

• Expertise In executing large scale application security programs
• Expertise in Shift left security concept and security in DevOps
• Understanding of agile software development principles and security practices
• Convey complex technical security concepts to technical and non-technical audiences including executives.
• Strong knowledge of software supply chain vulnerabilities and the ability to effectively communicate methodologies and techniques with development teams
• Provide technical leadership and advise to junior team members on application security engagements.
• Develop automated solutions that mitigate risks throughout the organization.
• Support policies and vulnerability analysis using application security testing infrastructure including (SAST, DAST, SCA, IAST, and API Security)
• Ensure these tools deliver maximum value for both security and developer stakeholders.
• Support integration and automation efforts to ensure that security testing is an integral and painless part of code development.
• Partner with and train developers in how to deliver secure code.
• Track, prioritize and drive remediation of code vulnerabilities.
• Develop and foster effective working relationships within both Security and IT teams to ensure that projects are delivered securely and on-time.

Skills and attributes for success

• Experience with performing manual and automated SAST assessments.
• Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc.) updated and familiarized with the latest exploits and security trends.
• Familiarity with dynamic web application vulnerability scanning tools and services (Acunetix, HP WebInspect, HCL AppScan, BurpSuite)
• Familiarity with static code analysis tools and services (CheckMarx, Snyk, Fortify Static Code Analysis tool, Veracode, Coverity, IBM AppScan Source)
• Experience in developing a DevSecOps CI/CD pipeline completely using open source tools.
• Experience with SCM tools like Github, Gitlab, Bitbucket and their ability to integrated with CI/CD pipelines by using webhooks, actions, etc.
• Experience with implementing different phases of CI/CD like secret scanning, SAST, SCA, DAST, Infrastructure as code, compliance as code, vulnerability management.
• Optimizing the pipeline to produce the best results and ability to plan a maturity model for the DevSecOps program.
• Understanding of web-based application vulnerabilities (OWASP Top 10).
• Experience with scripting / programming skills (e.g., Python or PowerShell or Java or Perl etc.).

To qualify for the role, you must have

• BE/ B.Tech/ MCA.
• Minimum of 3 years of full-time work experience in SAST, SCA, DAST and DevSecOps.
• Knowledge of Windows, Linux, UNIX, any other major operating systems.
• Strong Excel and PowerPoint skills.

Ideally, you will also have

• Familiarity with programming languages such as Java, JavaScript, Python and Angular
• Strong knowledge of relevant Security Standards (OWASP) and how to apply them to the software development lifecycle in a large agile environment.
• Experience performing security analysis on web applications and APIs.
• Experience working in an Agile environment.