Job Description :
Position Summary :
The Security Analyst is expected to perform vulnerability assessment, security analysis, penetration testing, code review of the product/modules and report the findings in defect tracking tool. It also includes but not limited to re analyse the findings and work with developers for the fixes.
Manual Testing :
- Perform threat modelling
- Perform architectural analysis
- Perform logical security assessment
- Monitor third party API- s, SDK and libraries are up to date.
- Generate assessment report
- Report your findings as per the severity
Automation testing :
- To use automated scanning tools
- Review false positives and true positives
- Generate assessment report
- Report your findings as per the severity
- Analyze reports from interactive source code review tool for false positives and include it in the report.
Analysis and reporting :
- Create a detailed assessment report as per company Works standard.
- Report issues as per the severity
- Follow up and review the fixes
Ad hoc request :
- Work on Ad hoc request related to application security
- Conduct pen. Test, Design reviews as per the request
Training and knowledge transfer :
- Conduct periodic security awareness training as per the requirement bases on global standards.
Working Relationships:
- Team leads
- Peers
- Developers
- Product managers
- Other security teams
- Support and operations team
- Infrastructure teams
Knowledge :
- Understanding of OWASP Top 10, SANS Top 25 and WASC, NIST.
- Black Box, Grey Box security assessment of web application, Mobile application.
- Experience of identification and mitigation of vulnerabilities
- Good knowledge of TCP/IP and other application and network level protocols.
- Security in SDLC (Application Security)
Skills :
- Strong team player
- Interpersonal Skills
- Good communication
- Active listening
- Believes in team work over individual contributions
- Articulation of thoughts
- Able to express view assertively
Attributes :
- Ownership and accountability
- Passion
- Integrity
- Team work
Certification :
- CEH
- OSCP
- Any other security-related certification.
Note: Experience in VAPT of Web and Mobile apps, an expert on Burpsuit and good knowledge on OWASP Top 10
Bond:- 2 years of the bond (this term will not stop your appraisal, bonus and other benefits)
Work shift:- 12.00 noon - 9.00 pm Shift
Pankaja -6362626779.
Didn’t find the job appropriate? Report this Job