Test Analyst (Application Security)_Exp-4 to 9 years_Location-Pune/Bangalore

Role and Responsibilities

As an application security SME, lead the offshore Application Security Testing team for an upcoming delivery project.

• Perform application vulnerability scans and code reviews using web scanners, database scanners and static code analyzers

• Under moderate supervision, manage application security testing projects (small/medium) along with their risks and dependencies

• Act as a Subject Matter Expert (SME) on application security, with hands-on technical experience

Job Specifications

• Around 6 – 8 years of application security experience, including work on large projects and teams

• Strong familiarity with core application security testing principles, with a research-oriented mindset

• Good working knowledge of application exploits and their remedies (e.g. cross-site scripting, SQL injection attacks, and buffer overflows)

• Thorough understanding of application architecture and the various application-tier and database-tier components (e.g. schemas, database objects, and file system structure)

• Experience with programming languages commonly used in application development, with the ability to review code in scripting languages (HTML, JavaScript, PHP, Perl) and compiled languages (Java, C/C++)

• Code security assessment, including configuring scanners, carrying out scans, prioritizing results, and developing detailed recommendations for remediation

• Experience with source code analyzers/bytecode scanners (Fortify, Ounce, Coverity, Klocwork, PREfix/PREfast, FindBugs, FxCop) and the ability to evaluate their results

• RDBMS experience (e.g. Oracle or MS SQL Server) will be an added advantage

• Industry-accepted certifications (from ISACA, ISC2, GIAC, etc.) will be an added advantage

• Excellent written and verbal communication

Additional/Secondary Skills

• Experience with web-based application development with J2EE (servlet/JSP) or ASP.NET (C#)

• Preferable to have framework experience (Struts, Spring) and understanding of AJAX & Web Services

Primary Skill

Application Security Testing

OWASP

SQL Injection

Location: Pune/Bangalore

Experience: 4 to 9 years

Contact Person: Gyanendra Singh