Application Security Assessment Manager

Job Description:

Job Title: Application Security Assessment Manager

Department: RMD

Reports to: CISO

Experience: 5-8 years of application security testing, Penetration testing and Secure Code review and managing team of Application assessors for thick clients, web and mobile applications

Required Qualification: BE / MCA/ M.Tech – IT/Cyber Security

Preferred Qualification: Professional Certification like Certified Ethical Hacker / Offensive Security Certified Professional (OSCP).

Skill, Knowledge & Trainings:

Understanding and hands on experience of various security tools such as Burp Suite, Acunetix, Checkmarx, ZAP, Echo Mirage, Fiddler, sqlmap, nmap and operating systems like Kali linux.

Knowledge of OWASP, Common Vulnerabilities and Exposures.

Familiarity with security frameworks like ISO 27001 and risk management methodologies. Core Competencies:

Web, mobile and Thick client application penetration testing

Secure Code review using tools like Checkmarx

Hands on experience on black box and white box security assessments.

Can perform Threat profiling and Threat modelling, Analyze vulnerabilities, perform an impact analysis and risk mapping as per standards such as OWASP, Common Vulnerabilities and Exposures (CVE)

Functional Competencies: An analytical mind with excellent problem-solving ability.

Outstanding communication and organization skills.

Ability to work under pressure in a fast paced environment.

Managing Application security testing teams and ensuring that the applications are effectively assessed with in the planned timelines. Job Purpose: To perform and manage team to complete Application security and Secure Code assessments to identify the vulnerabilities in business applications and ensures the applications security risks are identified and support in mitigation. Area of Operations Key Responsibility Application Security assessments The calendar for App sec is drawn for every year and ensure that planned application testing is carried out as per schedule

Lead the team of Application testers and participate in the application security assessments as mentor

Ensure that the applications are effectively assessed with in the planned timelines.

Understand the application and business flow.

Prepare the test plan and test cases for the application security testing.

Tool based and manual “web application and Mobile application” security / penetration testing.

Tool based and manual “thick client (exe based)” application security / penetration testing

Tool based “Secure Code review” for application source code.

Review the detailed Application security assessment reports and ensure that reports are complete in all aspects and issues are published to the respective teams.

Presents the Appsec findings to business owners and the management.

Discussing the reported vulnerabilities with the application development team for remediation.

Carry out Periodic Application security assessments and Secure code review.

Carry out pre-implementation Application security assessments and Secure code review.

Carry out validation testing for the fixed vulnerabilities.

Support the development team in understanding the application security issues.

Maintains secure application development practices.