Description

Job Title: SAST (Static Application Security Testing)

Location: Pune, Chennai, Bangalore

Experience: 6-9 Years

Skills: Checkmarx, Fortify, Veracode, SonarQube

Job Summary:

We are looking for a skilled SAST Specialist with a deep understanding of Static Application Security Testing. The ideal candidate will have extensive experience in performing security assessments on web and mobile applications using SAST tools. The candidate should be capable of identifying vulnerabilities in the source code, understanding security best practices, and working with development teams to remediate security issues. Strong experience with leading Static Analysis tools such as Fortify, Checkmarx, or SonarQube, and an in-depth understanding of common application security vulnerabilities (e.g., OWASP Top 10) are required.

About Us:

This position is being recruited by Smartwork IT Services, a leading recruitment and product-based company. In addition to staffing solutions, Smartwork IT Services is involved in developing cutting-edge products like SWITS ATS (Applicant Tracking System) and SWITS HRMS (Human Resource Management Services). We focus on delivering exceptional value through innovative solutions and top-tier talent acquisition.

Key Responsibilities:

Static Application Security Testing:
Conduct static analysis on applications to identify vulnerabilities, including those related to secure coding practices and common security flaws.

Vulnerability Management:
Analyze and categorize security vulnerabilities, provide clear and concise remediation guidance, and track the progress of security issues until resolved.

Security Best Practices:
Work with development teams to integrate security best practices throughout the software development lifecycle (SDLC), ensuring secure coding standards and guidelines are followed.

Reporting and Documentation:
Prepare detailed reports on identified security issues and provide actionable recommendations for remediation, ensuring reports are tailored to both technical and non-technical stakeholders.

Tool Proficiency:
Utilize leading SAST tools (e.g., Fortify, Checkmarx, SonarQube) to perform in-depth security assessments, and recommend the best tools for the specific security requirements of each project.

Collaboration and Training:
Collaborate with application development teams to provide guidance on secure coding practices and conduct training sessions on security testing.

Required Skills:

  • Strong experience with Static Application Security Testing (SAST) methodologies and tools (e.g., Fortify, Checkmarx, SonarQube, Veracode).
  • In-depth knowledge of web and mobile application security vulnerabilities (e.g., SQL injection, cross-site scripting, buffer overflows) and familiarity with the OWASP Top 10.
  • Experience in analyzing application source code to identify security weaknesses and providing remediation advice.
  • Familiarity with secure software development lifecycle (SDLC) and the integration of security testing into CI/CD pipelines.
  • Knowledge of application security frameworks and compliance standards (e.g., OWASP, NIST, ISO 27001).
  • Experience with common programming languages (e.g., Java, C++, Python) to assess security vulnerabilities in code.
  • Proficiency in vulnerability tracking and management tools, and understanding of risk assessment methodologies.
  • Strong communication skills, with the ability to interact with both technical and non-technical stakeholders.
  • Knowledge of Agile methodologies and experience working in Agile development environments.

Education

Any Graduate