The position requires hands-on experience in Application Security testing, vulnerability management, and governance. The team lead will support the Global Security Office's existing DevSecOps practice and embed security in SDLC phases. He will need to be familiar with common vulnerabilities and must be proficient in performing manual exploitation of vulnerabilities without the aid of automated tools.
The responsibilities associated with the position are as follows:
- Must be familiar with top industry Application Security testing tools (HCL AppScan, Checkmarx, Veracode, Burp Suite and Synopsys Seeker).
- Proficient in mobile application penetration testing: Android and iOS
- Proficient in Web application and infrastructure penetration testing
- Manual source code reviews of client/server-side programming languages and frameworks.
- Assist with implementing and designing automated security checks within the CI/CD.
- Participate in the implementation or deployment of new security tools and processes.
- Must have a strong command over HTTP request/response construction and the manipulation of these to achieve the desired results in exploiting various vulnerabilities.
- Should be familiar with Metasploit and Python.
- Good knowledge of security technologies for secure software development such as cryptography, authentication techniques, protocols, etc.
- Expert in DevSecOps with hands-on experience in implementing security aspects in continuous integration, continuous delivery and deployment automation
- Strong oral communications and writing skills are a must.
- Must have a strong command over web application penetration testing or network infrastructure testing.
- Must be a self-starter with strong organizational skills to enable navigation of the company to identify sponsors, stakeholders and interested parties.