Description

Technical Knowledge and Skills:
 

  • 5+ years of experience as Automation Architect and doing web application security testing as per OWASP standards
  • 5+ years of experience designing, developing and executing Automation Scripts using Selenium
  • Knowledge and experience in other Automation tools (like QTP, Rational Robot, AutoIT)
  • Understanding and working knowledge with Data Driven, Keyword Driven and Hybrid frameworks
  • Knowledge of Defect Management Tool (Quality Center, JIRA)
  • Exploit application security flaws and vulnerabilities with attack simulations on multiple projects, working against specific client-focused scopes of work.
  • Ability to provide application security risk assessment of the technology stack used in cloud or web applications.
  • Ability to perform application vulnerability assessments or application penetration testing, utilizing commercial and open source tools.
  • Perform, review and analyze security vulnerability data to identify applicability and false positives.
  • Create risk based security code reviews (Static, Dynamic and Interactive).
  • Conduct application security testing in line with OWASP (Open Web Application Security Project)
  • Mentor junior engineers to build their skills and contribution levels
  • Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
  • Perform Proof of Concept testing and evaluate new security technologies and tools.
  • Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments.
  • Experience with DevOps tools like DynaTrace, Chef, Splunk and Vagrant.
  • Experience with scripting languages (e.g. Python, Perl, SQL) a plus
  • Ability to perform the following tasks:
    • Dynamic Application Security Testing (DAST)
    • Static Application Security Testing (SAST)
    • Interactive Application Security Testing (IAST)
    • Web Application Penetration Testing
    • Product Security Testing
    • Cloud Application Security Testing
    • Web Services Security Testing
    • Security Code Review
    • Network Security Assessment
  • Application Security Testing Tools: Veracode, Synopsys, Contrast IAST, Burp Suite, Tamper Data, Live HTTP Headers, Client Fortify, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus
  • Fast learning, problem solving and analytical skills
  • Excellent communication, presentation, and interpersonal skills
  • Track record of good time management
  • Efficient in effort estimation, planning and prioritization
  • Ability to understand Business Requirements and transform them to functional units
  • Knowledge of SDLC and implementation
  • Knowledge of SoapUI
  • Proficiency in Java language
  • Proficiency in SQL


 

Education

Any Graduate