Application Security Manager
Roles and Responsibilities
Job Title: Application Security Assessment Manager
Reports to: CISO
Experience: 5-8 years of application security testing, penetration testing and secure code review, and of managing a team of application assessors for thick clients, web and mobile applications
Required Qualification: BE / MCA / M.Tech – IT/Cyber Security
Preferred Qualification:
Professional certification like Certified Ethical Hacker / Offensive Security Certified Professional (OSCP).
Skill, Knowledge & Trainings:
Understanding and hands-on experience of various security tools such as Burp Suite, Acunetix, Checkmarx, ZAP, Echo Mirage, Fiddler, sqlmap, nmap and operating systems like Kali Linux.
Knowledge of OWASP, Common Vulnerabilities and Exposures.
Familiarity with security frameworks like ISO 27001 and risk management methodologies.
Core Competencies:
Web, mobile and thick client application penetration testing
Secure code review using tools like Checkmarx
Hands-on experience of black box and white box security assessments.
Can perform threat profiling and threat modelling, analyze vulnerabilities, perform an impact analysis and risk mapping as per standards such as OWASP, Common Vulnerabilities and Exposures (CVE)
Functional Competencies:
An analytical mind with excellent problem-solving ability.
Outstanding communication and organization skills.
Ability to work under pressure in a fast-paced environment.
Managing application security testing teams and ensuring that the applications are effectively assessed within the planned timelines.
Job Purpose: To perform, and manage a team to complete, application security and secure code assessments to identify the vulnerabilities in business applications, ensure that the application security risks are identified, and support their mitigation.
Area of Operations: Application Security assessments
Key Responsibilities:
The calendar for AppSec is drawn up every year; ensure that planned application testing is carried out as per schedule.
Lead the team of application testers and participate in the application security assessments as a mentor.
Ensure that the applications are effectively assessed within the planned timelines.
Understand the application and business flow.
Prepare the test plan and test cases for the application security testing.
Tool-based and manual “web application and mobile application” security / penetration testing.
Tool-based and manual “thick client (exe-based)” application security / penetration testing.
Tool-based “Secure Code review” for application source code.
Review the detailed application security assessment reports and ensure that reports are complete in all aspects and issues are published to the respective teams.
Present the AppSec findings to business owners and the management.
Discuss the reported vulnerabilities with the application development team for remediation.
Carry out periodic application security assessments and secure code review.
Carry out pre-implementation application security assessments and secure code review.
Carry out validation testing for the fixed vulnerabilities.
Support the development team in understanding the application security issues.
Maintain secure application development practices.
Role: System Security Engineer
Salary: Not Disclosed by Recruiter
Industry: Financial Services
Functional Area: IT & Information Security
Role Category: IT Security
Employment Type: Full Time, Permanent
Key Skills
Education
UG: B.Tech/B.E. in Any Specialization, BCA in Computers
Company Profile
Talent Leads HR Solutions Pvt Ltd
Leading Financial company into clearing and settlement functions
Company Info
Contact Company: Talent Leads HR Solutions Pvt Ltd
Website: http://careers.talentleads.co.in