Off Campus for Security Testing Analyst for passout batch of 2020, 2019, 2018

Remote
  • 1-5 Yrs
  • 500000-900000
  • Job Categories: Information Technology
  • 2022-05-12 Full Time, Remote Working
  • Languages: English
  • Skills: Java, ASP.NET, C++, PHP, Oracle SQL, Cryptography

Job Overview

Job Description:

  • Perform secure code review of software applications developed in various languages (e.g. Java, ASP, .NET, C++, C#, PHP, etc.).
  • Good knowledge of security technologies for secure software development such as cryptography, authentication techniques and protocols etc.
  • Coordinate with multiple development teams to understand application architecture and perform threat profiling, in order to carry out a comprehensive manual code review.
  • Should be proficient in application security concepts and familiar with the OWASP Top 10, SANS Top 25 and other security best practices.
  • Basic understanding of the protocols/technologies like HTTP, SOAP/REST, SSL/TLS.
  • Experience working with relational databases like Oracle, MS-SQL, MySQL, etc.
  • Analyze vulnerabilities, perform an impact analysis and risk determination.
  • Successfully lead and execute projects, mentor and train resources with focus on enhancing their skill sets.
  • Should have excellent communication skills: written, oral and presentation.
  • Security certifications (CISSP, CEH) are desirable.
  • Experience in secure software development standards, processes, techniques and tools.
  • Security Consulting

Tools:

Proficiency in most of the tools in each category:

  1. Secure code review: Checkmarx, HP Fortify, IBM AppScan Source Edition
  2. Web application vulnerability scanning tools: IBM AppScan, HP WebInspect, Burp Suite Pro
  3. High-level programming languages: Java, C, C++, .NET
  4. Development knowledge: ASP.NET, ASP, PHP, J2EE, JSP
  5. Database scanning: NGS & Scuba
  6. Vulnerability scanning tools: Qualys, Nessus

Good to have: 

  1. Application development knowledge.
  2. Must be fluent in using state-of-the-art IDEs for Java/.NET/PHP development. Knowledge of Eclipse is a big plus.
  3. Conduct Network Penetration Testing and vulnerability assessment as part of Application security engagements.
  4. Pre Sales / RFPs
  5. Knowledge of compliance standards: ISO 27001, PCI DSS, HIPAA and SOX
  6. Additional certifications like CISA, ECSA, LPT will be an added advantage

1+ years of experience in application security testing (web/thick client), infrastructure penetration testing, mobile security testing and secure code review. Only candidates with relevant experience should apply.
