DevOps

Location : ,

Job Description

JOB ROLE: Application Security Consultant

Overview:
The Application Security consultant has strong experience with secure application development and application security assessments. The ideal candidate will understand a wide range of technologies, programming languages and application frameworks to identify risks and vulnerabilities in client applications and supporting environments. You will be tasked with guiding clients from traditional DevOps practices to a comprehensive DevSecOps model. This role encompasses conducting in-depth code reviews, utilizing DAST, SAST, and SCA tools for security assessments, and performing web application penetration tests. A consultant must be a proven self-starter with the ability to problem-solve, communicate, participate in diverse project teams from a technical perspective, and interface effectively with customers, vendor partners, and colleagues. This role requires a candidate with a strong development background and familiarity with a broad spectrum of programming languages.
 
Requirements:
  • A. Must have practical experience (1-3 years) in an application security role that included manual testing such as:
      • Conduct security reviews (assessments) and web application penetration tests to identify vulnerabilities across a variety of development frameworks and languages.
      • Perform thorough code reviews using DAST, SAST, and SCA tools, focusing on a wide array of programming languages (secure code reviews).
      • Advise on the integration of security practices within DevOps processes, aiding in the transition to DevSecOps.
      • Work closely with development teams to instill secure coding practices and embed security measures within CI/CD pipelines (deep understanding of software security architecture and design).
      • Assist in development of security processes and automated tooling that prevent classes of security issues.
  • B. Track and monitor current and trending practices in software engineering and application security, including DevOps/DevSecOps and Agile development practices
  • C. Successful implementation of application testing methodologies for web applications and APIs
  • D. Ability to assess mobile applications on iOS and Android platforms
  • E. Establish and maintain productive relationships with the wider delivery team, practice management, and client management team
  • F. Hold one or more security certifications: CISSP, CSSLP, OSCP, OSWE, OSCE, GPEN, GWAPT, eWPTX
  • G. BA/BS degree preferred in computer science, software engineering, cybersecurity, or mathematics