Senior Application Security Specialist

About role

• Conduct security assessments and code reviews to identify vulnerabilities in applications
• Collaborate with development teams to integrate security best practices into the software development lifecycle
• Design and implement security controls and measures to protect applications from threats and attacks
• Perform security testing, including penetration testing and vulnerability scanning
• Understanding of encryption, authentication, and authorization mechanisms
• Protecting applications at runtime by monitoring and blocking malicious activities
• Preventing attacks like code injection, SQL injection, and remote file inclusion and security remediation
• Strong analytical and problem-solving skills
• Stay updated with the latest security threats and industry best practices
• Provide guidance and support in remediating security findings and implementing secure coding practices
• Contribute to the development and maintenance of security policies, standards, and guidelines
• Participate in incident response and security incident investigations as needed
• Must be an effective communicator, balancing business goals with engineering goals, efficiently manage a communication with the
• business owner of a project Write elegant, clean, and well-solution documentation

• Experience with security standards and frameworks (e.g., ISO 27001, NIST, PCI DSS)
• Must have experience in web app securities using SSL and other technics.
• Knowledge of common application security vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.
• Proven experience in application security, secure coding practices, and secure software development lifecycle.
• Should have experience in any security tool like Contrast Security, Screen, and Waratek, VMware Air Watch, Microsoft Intune, and MobileIron.
• Experience with secure development frameworks and tools.
• Knowledge of cloud security principles and best practices.
• Understanding of regulatory compliance requirements (e.g., GDPR, HIPAA).
• Familiarity with Dev SecOps practices and tools.
• Familiar with tools to identify potential security vulnerabilities. Examples include Veracode, Checkmarks, and Fortify.
• Ability to complete all phases of software development life cycle (SDLC) including analysis, design, functionality, testing and support.
• Should have working knowledge of using a latest development tools and techniques like TFC, GIT, DevOps, Jira.
• Understanding of modern development methodologies and tools including Agile (XP and Scrum), Rapid Application Development, etc.

• BE/B. TECH in Computer Science. or MCA
• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP))
• Good to have ISTQB certification.
• Knowledge of DevOps practices and tools