Lead Application Security Engineer

Singapore, Singapore

Job Description

We are looking for an experienced Lead Application Security Engineer to maintain the automated source code scanning platform, perform secure code reviews, support automated penetration test delivery within the organization, and upskill developers through training on secure coding.

Mandatory Skill-set

  • Bachelor in Computer Science or related field required
  • Has at least 1- years of work experience in development
  • Has at least 7 - years of work experience in the area of application security
  • Experienced in conducting secure code review, dynamic application security testing and manual security testing for both Web and Mobile applications
  • Experience in threat modelling: able to prepare a threat profile to identify, quantify and address security risks
  • Familiar with CI/CD and DevOps concepts and how security testing can be integrated and automated as part of software delivery pipelines
  • Knowledge of GitHub Actions
  • Familiar with secure Web Services, Web and mobile API architecture (such as REST, SOAP, SSL/TLS, HTTPS)
  • Familiar with common web and mobile application vulnerabilities, with the technical knowledge to address and mitigate them
  • Knowledge of security best practices, secure coding practice guidelines, and the OWASP Top 10 for web, API and mobile
  • Excellent communication and presentation skills

Desired Skill-Set

  • Knowledge of Static/Dynamic Application Security tools like Fortify, Burp Suite Professional, WebInspect
  • Knowledge of implementing open source scanner tools like Sonatype Nexus
  • Knowledge of container security implementation and tools like Prisma Cloud, Aqua Security
  • Knowledge of Cloud Security on AWS; AWS Certified Security is a plus
  • Handling the Bug Bounty Program
  • Industrial certification like CEH

Responsibilities

  • Propose and integrate security practices and processes into software development to ensure applications are delivered with vulnerabilities resolved and mitigated
  • Develop secure application development practices (Secure SDLC), standards, guidelines and solutions towards adopting technical best practices and uplifting the Application Security (AppSec) capabilities within the organization
  • Perform Application Security assessments using a combination of threat modelling, vulnerability research, code scanning and application security testing, with recommendations of proper remediation actions
  • Work closely with Development on vulnerability mitigations and help remove false positives from the static and dynamic application security reports
  • Work closely with the DevOps Team to create tools and automation to help test and improve security in CI/CD pipelines like Jenkins, Bitrise, AWS CodeBuild etc.
  • Identify gaps in security and improve security protocols and procedures in application development processes
  • Enhance security competency in development teams by implementing a secure coding training platform like Secure Code Warrior
  • Provide training to the development team on security standards, policies, procedures and best practices related to secure coding for Web and Mobile
  • Present the AppSec metrics to management


Job Detail

  • Job Id
    JD1200486
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type
    Full Time
  • Salary
    $72000 - 144000 per year
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned