IBM Application Security - VAPT 

India, Maharashtra, Mumbai 

505390463

Role and Responsibilities

• Review Software applications for potential security vulnerabilities by conducting application security reviews i.e. Requirements review, Design review, Code Review, Penetration testing (Ethical Hacking), Vendor Risk Assessment.
• Liaison with Developers, Architects, Project Managers and Vendors to understand the working of an application, how effectively they are implemented and where security mechanisms are employed.
• Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.
• Be “hands on” with technology and to contribute to the design, development and support of projects with the Security recommendations.
• Review design and development artefacts to ensure security quality in the products being developed.
• Evolve security review processes in accordance with Information Security Standards and market best practices.
• Contribute to Enterprise Architecture in definition of the technology stack and various standards and guidelines for development teams.
• Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards.
• Provide diligent and competent service to customers by delivering an impartial and accurate service with Integrity, honesty and in accordance with the Information Security Policy and Standards
• Foster security awareness and understanding.
• Work in a 24×7 Security Operation Centre (SOC) environment

Required Technical and Professional Expertise

• 3-5 years of conducting application security assessments i.e. Architecture and Design review, Code Review and Penetration testing (Ethical Hacking) and Vendor Risk Assessment.
• Working knowledge of key security technologies i.e. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)
• B.E./ B.Tech/ MCA/ M.Sc. in Computer Science or IT
• Working knowledge of executing source code analyzers to unearth security vulnerabilities in the source code
• Run and analyse security Penetration testing and pinpoint security issues and suggest countermeasures for security improvements
• Knowledge of attack vectors from OWASP, WASC and mitigation of the same.
• Knowledge in various open source security tools such as proxies, fuzzers etc
• Proven expertise in web technologies (Java/J2EE/Struts/ .NET / PHP / Java Script etc.).
• Strong understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols
• Proven ability to quickly earn the trust of sponsors and key stakeholders; mobilize and motivate teams; set direction and approach; resolve conflict; deliver tough messages with grace; execute with limited information and ambiguity
• Capable of understanding end user requirements from security perspective
• Sound business and technical acumen

Preferred Technical and Professional Expertise

• Professional Qualification: CEH, OSCP or Any other equivalent certification.
• Focused and versatile team player that is comfortable under pressure
• Ability to remove barriers and enable teams to complete their objectives
• Excellent problem-solving and critical-thinking skills
• Understanding of emerging technologies and corresponding security threats.
• Ability to pick up business knowledge, new technology areas, new processes/methodologies and apply these changes in the day-to-day working to improve Security organisation.