For a Global leading Product Development Company
The Security Test Engineer will serve as part of Quality Assurance team, responsible for security of the application. As an Security Test Engineer you would be an individual contributor, capable of leading and owning security testing of the product, collaborating with other business functions.
- Ensure end-to-end security of the product by hands on testing, hypothesizing threats, helping development teams remediating risks upfront and championing secure implementation efforts.
- Improve secure coding practices, application security requirements, automation, training, and metrics.
- Integrate threat modeling practices into the Software Development Lifecycle.
- Help build secure products and standards around emerging technologies and using existing standards and security practices.
- Perform Security Architecture and Low Level Application Security Design review involving: DataProtection, Authentication and Authorizations, Web Application Security and Network Security.
- Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals.
- Collaborate with product and solution teams to achieve Cybersecurity software security program objectives.
4- 6 Years of Experience in Web Application Security, SSDLC and Threat Modelling with MS/BS degree in Information System management / Computer Science / Information Security or a related technical discipline.
Hand on experience in Burb Suite.
MUST have deep understanding of OWASP Top 10 and CWE 25, with proven track record and experience in implementing and integrating remediation strategies.
Excellent understanding of web applications, web servers, layer 7 application technologies,frameworks and protocols with respect to application development and deployment.
Well versed in web application design, penetration testing, application risk assessment and risk categorization.
Operational knowledge of secure software development life cycle principles from training and requirements gathering to post-implementation operations support.
Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC), ability to successfully integrate security into a developers world.
Success in implementing effective Secure SDLC frameworks across a large corporation.