Application Security - VAPT
Fort (Mumbai) IT development
Job description
Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
The role will involve working closely with development groups to ensure secure design, development and implementation of services and components. As a Technical Specialist, the person would be responsible for understanding complex technical and architectural issues from a security perspective and must be able to understand the implications associated with the chosen technical strategy.
Role and Responsibilities
· Review software applications for potential security vulnerabilities by conducting application security reviews, i.e. Requirements review, Design review, Code Review, Penetration testing (Ethical Hacking) and Vendor Risk Assessment.
· Liaise with Developers, Architects, Project Managers and Vendors to understand the working of an application, where security mechanisms are employed and how effectively they are implemented.
· Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.
· Be “hands on” with technology and contribute security recommendations to the design, development and support of projects.
· Review design and development artefacts to ensure security quality in the products being developed.
· Evolve security review processes in accordance with Information Security Standards and market best practices.
· Contribute to Enterprise Architecture in definition of the technology stack and various standards and guidelines for development teams.
· Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards.
· Provide diligent and competent service to customers by delivering an impartial and accurate service with integrity and honesty, in accordance with the Information Security Policy and Standards.
· Foster security awareness and understanding.
· Work in a 24x7 Security Operations Centre (SOC) environment.
Required Technical and Professional Expertise
· 3-5 years of experience conducting application security assessments, i.e. Architecture and Design review, Code Review, Penetration testing (Ethical Hacking) and Vendor Risk Assessment.
· Working knowledge of key security technologies i.e. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)
· B.E./ B.Tech/ MCA/ M.Sc. in Computer Science or IT
· Working knowledge of executing source code analyzers to unearth security vulnerabilities in the source code
· Run and analyse security penetration tests, pinpoint security issues and suggest countermeasures for security improvements
· Knowledge of attack vectors from OWASP, WASC and mitigation of the same.
· Knowledge of various open source security tools such as proxies, fuzzers, etc.
· Proven expertise in web technologies (Java / J2EE / Struts / .NET / PHP / JavaScript etc.).
· Strong understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols
· Proven ability to quickly earn the trust of sponsors and key stakeholders; mobilize and motivate teams; set direction and approach; resolve conflict; deliver tough messages with grace; execute with limited information and ambiguity
· Capable of understanding end user requirements from a security perspective
· Sound business and technical acumen
Preferred Technical and Professional Expertise
· Professional Qualification: CEH, OSCP or any other equivalent certification.
· Focused and versatile team player who is comfortable under pressure
· Ability to remove barriers and enable teams to complete their objectives
· Excellent problem-solving and critical-thinking skills
· Understanding of emerging technologies and corresponding security threats.
· Ability to pick up business knowledge, new technology areas and new processes/methodologies, and apply these changes in day-to-day work to improve the Security organisation.