Roles and Responsibilities
Job Title: Application Security Assessment Manager
Reports to: CISO
Required Qualification: BE / MCA / M.Tech – IT/Cyber Security
Professional Certification like Certified Ethical Hacker / Offensive Security Certified
Skill, Knowledge & Trainings:
Understanding and hands-on experience of various security tools such as Burp Suite,
Acunetix, Checkmarx, ZAP, Echo Mirage, Fiddler, sqlmap, nmap and operating
systems like Kali Linux.
Knowledge of OWASP, Common Vulnerabilities and Exposures.
Familiarity with security frameworks like ISO 27001 and risk management
Web, mobile and thick client application penetration testing
Secure Code review using tools like Checkmarx
Hands-on experience on black box and white box security assessments.
Can perform Threat profiling and Threat modelling, analyze vulnerabilities, perform an impact analysis and risk mapping as per standards such as OWASP, Common Vulnerabilities and Exposures (CVE)
An analytical mind with excellent problem-solving ability.
Outstanding communication and organization skills.
Ability to work under pressure in a fast-paced environment.
Managing Application security testing teams and ensuring that the applications are effectively assessed within the planned timelines.
Job Purpose: To perform, and manage a team to complete, Application security and Secure
Code assessments to identify the vulnerabilities in business applications, ensure that
application security risks are identified, and support their mitigation.
Area of Operations: Application Security assessments
Key Responsibilities:
Lead the team of Application testers and participate in the application security assessments as mentor
Ensure that the applications are effectively assessed within the planned timelines.
Understand the application and business flow.
Prepare the test plan and test cases for the application security testing.
Tool based and manual “web application and Mobile application” security / penetration testing.
Tool based and manual “thick client (exe based)” application security / penetration testing
Tool based “Secure Code review” for application source code.
Review the detailed Application security assessment reports and ensure that reports are complete in all aspects and issues are published to the respective teams.
Presents the Appsec findings to business owners and the management.
Discussing the reported vulnerabilities with the application development team
Carry out Periodic Application security assessments and Secure code review.
Carry out pre-implementation Application security assessments and Secure code review.
Carry out validation testing for the fixed vulnerabilities.
Support the development team in understanding the application security
Maintains secure application development practices.
Role: System Security Engineer
Salary: Not Disclosed by Recruiter
Functional Area: IT & Information Security
Role Category: IT Security
Employment Type: Full Time, Permanent
UG: B.Tech/B.E. in Any Specialization, BCA in Computers
Talent Leads HR Solutions Pvt Ltd