Technical Knowledge and Skills:
- 5+ years of experience as an Automation Architect and in web application security testing as per OWASP standards
- 5+ years of experience designing, developing and executing Automation Scripts using Selenium
- Knowledge and experience in other Automation tools (like QTP, Rational Robot, AutoIT)
- Understanding and working knowledge with Data Driven, Keyword Driven and Hybrid frameworks
- Knowledge of Defect Management Tool (Quality Center, JIRA)
- Exploit application security flaws and vulnerabilities with attack simulations on multiple projects working against specific client-focused scopes of work.
- Ability to provide application security risk assessment of the technology stack used in cloud or web applications.
- Ability to perform application vulnerability assessments or application penetration testing, utilizing commercial and open source tools.
- Perform, review and analyze security vulnerability data to identify applicability and false positives.
- Create risk-based security code reviews (Static, Dynamic and Interactive).
- Conduct application security testing in line with OWASP (Open Web Application Security Project)
- Mentor junior engineers to build their skills and contribution levels
- Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
- Perform Proof of Concept testing and evaluate new security technologies and tools.
- Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments.
- Experience with DevOps tools like DynaTrace, Chef, Splunk and Vagrant.
- Experience with scripting languages (e.g. Python, Perl, SQL) a plus
- Ability to perform the tasks below:
  - Dynamic Application Security Testing (DAST)
  - Static Application Security Testing (SAST)
  - Interactive Application Security Testing (IAST)
  - Web Application Penetration Testing
  - Product Security Testing
  - Cloud Application Security Testing
  - Web Services Security Testing
  - Security Code Review
  - Network Security Assessment
- Application Security Testing Tools: VeraCode, Synopsys, Contrast IAST, Burp Suite, Tamper Data, Live HTTP Headers, Client Fortify, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus
- Fast learning, problem solving and analytical skills
- Excellent communication, presentation, and interpersonal skills
- Track record of good time management
- Efficient in effort estimation, planning and prioritization
- Ability to understand Business Requirements and transform them to functional units
- Knowledge of SDLC and implementation
- Knowledge of SoapUI
- Proficiency in Java language
- Proficiency in SQL