Desired Skills and Experience
- Experience in performing web application security assessments using hands-on techniques for identifying SQL injection, XSS, CSRF, and authentication/authorization issues
- Good knowledge of security technologies for secure software development, such as cryptography and authentication techniques and protocols
- Experience with both commercial and open-source tools: Cenzic Hailstorm, Burp Suite, Metasploit, Checkmarx, AppScan, WebInspect, Fortify, Nessus, Nmap, sqlmap
- Hands-on experience in dynamic security testing of web-based applications
- Knowledge of Secure SDLC and Security standards like OWASP, CWE, NIST, OSSTMM
- Understanding of the OWASP Top 10 and mitigation techniques
- Work with development teams to carry out Application Security Reviews
- Hands-on experience in application code review
- Tool exposure: Checkmarx, Fortify, IBM AppScan Source, Veracode
- Application vulnerability assessment/penetration testing (Cenzic, IBM AppScan)
- Understanding of network and mobile security, and tool exposure
- Experience in Dynamic Application Security Testing (DAST) / Static Application Security Testing (SAST)
- Excellent Communication Skills