- A. Must have practical experience (1-3 years) in an application security role that included manual testing such as:
  - Conduct security reviews (assessments) and web application penetration tests to identify vulnerabilities across a variety of development frameworks and languages.
  - Perform thorough secure code reviews using DAST, SAST, and SCA tools, covering a wide array of programming languages.
  - Advise on the integration of security practices within DevOps processes, aiding in the transition to DevSecOps.
  - Work closely with development teams to instill secure coding practices and embed security measures within CI/CD pipelines (deep understanding of software security architecture and design).
  - Assist in the development of security processes and automated tooling that prevent classes of security issues.
- B. Track and monitor current and trending practices in software engineering and application security, including DevOps/DevSecOps and Agile development practices.
- C. Successful implementation of application testing methodologies for web applications and APIs.
- D. Ability to assess mobile applications on iOS and Android platforms.
- E. Establish and maintain productive relationships with the wider delivery team, practice management, and client management team.
- F. Hold one or more security certifications: CISSP, CSSLP, OSCP, OSWE, OSCE, GPEN, GWAPT, eWPTX.
- G. BA/BS degree preferred in computer science, software engineering, cybersecurity, or mathematics.