Automation and Security Test Architect

Technical Knowledge and Skills:
 

• 5+ years of experience as Automation Architect and doing web application security testing as per OWASP standards
• 5+ years of experience designing, developing and executing Automation Scripts using Selenium
• Knowledge and experience in other Automation tools (like QTP, Rational Robot, AutoIT)
• Understanding and working knowledge with Data Driven, Keyword Driven and Hybrid frameworks
• Knowledge of Defect Management Tool (Quality Center, JIRA)
• Exploit application security flaws and vulnerabilities with attack simulations on multiple projects working against specific client focused scopes of work.
• Ability to provide application security risk assessment of technologies stack used in cloud or web applications.
• Ability to perform application vulnerability assessments or application penetration testing, utilizing tools commercial and open source tools.
• Perform, review and analyze security vulnerability data to identify applicability and false positives.
• Create risk based security code reviews (Static, Dynamic and Interactive).
• Conduct application security testing in line with OWASP (Open Web application Security Project)
• Mentor junior engineers to build their skills and contribution levels
• Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
• Perform Proof of Concept testing and do evaluation of new security technologies and tools.
• Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments.
• Experience DevOps tools like DynaTrace, Chef, Splunk and Vagrant.
• Experience with scripting languages (e.g. python, PERL, SQL) a plus
• Ability to perform below tasks:
  • Dynamic Application Security Testing (DAST)
  • Static Application Security Testing (SAST)
  • Interactive Application Security Testing (IAST)
  • Web Application Penetration Testing
  • Product Security Testing
  • Cloud Application Security Testing
  • Web Services Security Testing
  • Security Code Review
  • Network Security Assessment
• Application Security Testing Tools: VeraCode, Synopsys, Contrast IAST, Burp Suite, Tamper Data, Live http Headers, Client Fortify, VeraCode, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus
• Fast learning, problem solving and analytical skills
• Excellent communication, presentation, and interpersonal skills
• Track record of good time management
• Efficient in effort estimation, planning and prioritization
• Ability to understand Business Requirements and transform them to functional units
• Knowledge of SDLC and implementation
• Knowledge of SoapUI
• Proficiency in Java language
• Proficiency in SQL