- Senior
- Office in Chennai
Job Description:
Position: Application Security Specialist
Company: Likewize
Location: Chennai
Job Summary: The Application Security Assessment Specialist/Engineer is responsible for evaluating the security posture of web, mobile, and API-based applications and their dependent infrastructure through manual and automated assessments.
Key Skills:
1. Hands-on experience with architecture and design review, threat modelling, static analysis (SAST), manual secure code review / deep code dive, dependency and supply-chain analysis, dynamic analysis (DAST), interactive analysis (IAST), configuration and IaC review, database security testing, mobile app tests, and API endpoint tests; able to perform deep-dive studies and provide an ASVS report.
2. Hands-on experience with white-box and grey-box testing techniques.
3. Red team capability to test our applications/infrastructure and provide recommendations.
4. Key skills also involve reconnaissance, threat intelligence, and the ability to create custom tools to evade detection while mimicking real-world adversaries, as well as strong communication skills for reporting findings.
5. Technical expertise in penetration testing, exploit development, and social engineering.
6. Programming skills in languages like Python, Ruby, C/C++, and Bash, crucial for developing custom tools, payloads, and automating tasks. Knowledge of API testing (Postman, Swagger) and of Java, .NET, Python, JavaScript, Node.js, etc.
7. Hands-on skills to modify existing exploits or create new ones for novel vulnerabilities.
8. Good knowledge of NIST, PCI DSS, ISO 27001, OWASP Top 10, ASVS, CWE/SANS 25, CAPEC, and MITRE ATT&CK for applications.
9. Hands-on experience with tools such as Burp Suite, Checkmarx, Veracode, Fortify, HCL AppScan, or Netsparker.
10. Preferred certifications: **OSWE**, OSCP, **GWAPT**, **CPT**, **CEH**, or **GIAC GWEB**. GIAC (GRTP), (CCRTS)
11. Strong analytical and problem-solving skills.
12. Deep understanding of web, mobile, and API security concepts.
13. Excellent written and verbal communication skills for technical and non-technical audiences.
14. Ability to work independently and in cross-functional teams.
Qualifications, Experience and Skills
1. Bachelor’s degree in any engineering stream, Computer Science, Information Security, or equivalent.
2. 10-15 years of experience in application security architecture and security assessment, penetration testing, or related roles.
3. Good communication, stakeholder management, negotiation, and presentation skills.