Application Security Specialist
Description
Job Title - Specialist - Application Security

Job Description:
- Maintain the periodic penetration testing schedule, covering blackbox, greybox and whitebox engagements.
- Perform the testing of all web/mobile/thick-client applications developed/run by the organization and ensure the timely resolution of identified vulnerabilities.
- Collaborate with the development team for the security testing of all incremental changes as part of the development sprints.
- Ensure all engagements cover OWASP Top 10 as a minimum baseline and all findings are documented with an associated OWASP Top 10 category and CVSS score.
- Actively drive the integration and usage of SAST/SCA tooling within the DevOps process.
- Assist in reviewing the reports generated by the SAST/DAST/SCA tooling, prioritizing the critical issues, and coordinating with the development team for respective fixes.
- Conduct architecture and integration review of all applications developed in-house or used by the organization.
- Identify security gaps in application touchpoints/workflows and suggest remediation measures.
- Develop scripts/macros to automate standardized testing use cases.
- Prepare security baseline documents for new and existing applications.
- Prepare secure coding practices documents specific to the environments and frameworks being used in the organization.
- Collaborate with the application teams in providing preliminary reviews for upcoming features to ensure a secure implementation approach is adopted.
- Drive the evolution of the application security program to adequately cover all stages of development.
- Assist in developing or enhancing the runtime protection of the applications.
- Assist the team in reviewing and implementing enhancements to the application security program's tooling and processes for increased agility.
- Assist the team in the preparation of the documentation/proposals around security solutions/offerings.
- Assist in managing security solutions designed to protect applications, such as WAF.

Position Criteria:
- Working knowledge of manual testing of web applications, iOS/Android mobile apps, APIs & thick-client applications.
- Good understanding and knowledge of common web frameworks and Web APIs.
- Excellent understanding of authentication and authorization techniques.
- Excellent understanding of security issues impacting web, mobile and API; ability to identify them within a target and build PoCs.
- Comfortable with scripting and reviewing code blocks as part of application testing.
- Knowledge of cloud native application architecture.
- Strong documentation and communication skills.

Skills:
- Application Security
- Strong conceptual understanding of web frameworks, cloud native applications, and thick clients
- Hands-on experience with web application, mobile app, API & thick client pentesting.

Seniority level: Associate
Employment type: Full-time
Job function: Information Technology, Analyst, and Engineering
Industries: Computer and Network Security and IT System Custom Software Development
Posted: 4th July 2025 8.14 pm
Application Deadline: N/A