Application Security Tester

Key Responsibilities:

• The ideal candidate should be capable of application security testing activities across multiple technologies. The effort requires testing of databases, web applications, APIs, source code, and mobile applications.

• Performing static code application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/ authorization, OWASP top 10 / Sans Top 25 issues

• Perform automated security testing, manual validation of automated results, and manual configurations

• Engage with testing stakeholders to gather all required information needed to create detailed test plans and test cases in order to anticipate potential vulnerabilities

• Reviewing application code against the secure coding baseline and practices

• Understanding and analysing the vulnerability assessment report

• Prioritizing the vulnerability as per business context and business need

• Suggesting remediation fix solution and estimate the same

• Coordinating with business stakeholders and developers to get the fixes implemented

• Suggesting security best practices

• Work closely with application development and security engineers to fully expose any vulnerabilities of preproduction code / configurations

• Understanding/familiarity of OWASP TOP 10

Technical Experience:

• Hands on experience on web application vulnerability scanners such as CAST, Burp Suite Pro, Fortify, Web Inspect, Acunetix etc.

• Perform SAST , Manual code review, remediation support, review open source components

Qualification:

• Graduate/Post-graduate in Computers

• 5+ Years of Experience in Application Security Testing Projects

• Ability to effectively communicate with peers, other departments

• Ability to design security controls