Application Security & Testing Expert - Infra/Oil & Gas

Application Security & Testing Expert

Job purpose :

- The person will be responsible for maintaining Application Security across Group companies and also responsible for application testing.

Key Accountabilities :

- Integrating security standards, processes and tools into the application lifecycle

- Must have experience in building test strategy, test plan, governing UATs, performance testing, functional testing, usability testing, integration testing, load/ stress testing, test automation, building/ maintaining currency of automated test beds.

- Improving and maintaining secure development standards in operational technologies as well as traditional IT. Must have experience in testing mobile apps (apps performance and security testing)

- Supporting the incident response and architecture review processes whenever application security expertise is needed. Integrating threat modeling practices into the application life cycle

- Managing annual penetration testing services, including both expert consulting and managed services. Providing manual penetration testing and standards gap analysis services to internal business and technology partners. Providing security requirements for test driven design.

- Supporting Vendor Security activities to ensure 3rd - party software and development meets security standards. Improving and supporting application security tool deployments including static analysis and runtime testing tools.

- Support and manage GRC initiatives across the group from application and testing perspective. Governance of applications roles and authorities.

- Producing metrics reporting the state of application security programs and performance.

- Support DR and BCP build and run exercise across the businesses and functions.

Education :

- Technical Degree (BE/ B.Tech)

- CISSP/ CASS certification required (at least one is strongly preferred)

- ISTQB certification preferred

Relevant experience :

- Candidates must be able to approach application security and testing from the perspective of risk management. He should have worked in the outsourced environment.

- Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.

- The ideal candidate has experience testing SAP/ .NET/ web applications and database security. Experience with an application / database layer intrusion detection / prevention appliance is greatly appreciated

- The candidate should have familiarity with a variety of development and testing tools (HPQC, SAP TAO). He should be able to review test scripts.

- Familiarity with industry standards and regulations including and ISO27001 is desired