Senior Application Security Engineer - Hyderabad, India - YASH Technologies

Description

Work Experience:

• As part of this role, professional is responsible for embedding security into CUSTOMER's end to end software development practices/DevOps. This includes implementing, operationalising and driving the uptake of application security testing practices, capabilities and tooling across CUSTOMER cloud and on-premises technology environments.
• Experience with Secure configuration and Hardening
• Additional responsibilities include:

Provide application security advice and training to technology stakeholders which includes threat modelling, secure application design and architecture activities.

Create and maintain guidelines to support the development of secure software within CUSTOMER.

Build and maintain strong relationships with cross-functional technical teams will also enable you to influence the way they view, navigate and remediate any potential security threats in their day-to-day activities.

Technical requirements include:

• Demonstrated experience in implementing, operating and embedding the use of application security testing tools (including Static Application Security Testing, Dynamic Application Security Testing and Software Composition Analysis) within an organisation.
• Strong understanding of Open Web Application Security Project (OWASP) controls, methodologies and guidelines.
• Current knowledge in methodologies for and proven success in conducting detailed vulnerability assessments and penetration tests against web and mobile applications.
• Experience and current knowledge in the use and implementation of commercial and open source security testing tools for modern and emerging technologies.
• Significant experience designing, reviewing and implementing secure application architectures.
• Current and ongoing hands-on software development experience across multiple programming languages with a strong focus on secure development practices and techniques.
• Strong knowledge of the latest web and mobile application vulnerabilities, advisories, incidents, penetration testing techniques and controls.
• Strong knowledge of application security trends and emerging threats.
• Demonstrated experience mentoring software development staff in application security and uplifting security practices across an organisation.
• Experience in leading and implementing threat modelling practices within software developments teams.
• In-depth assessment of security-critical web applications including evaluating the security posture of an application across the development life cycle/DevOps, enabling to identify, eliminate, and prevent security risks in the applications that drive CUSTOMER business.
• Web services or APIs allows applications to expose programmatic interfaces that can be used by other integrated applications. The web services are often hosted on an internal network, but with the increasing popularity of mobile or web applications, many web services are being exposed to the Internet. These factors combine to mean that an increasing number of threats are targeting such interfaces, meaning they should be included in any vulnerability analysis.
• Drive vulnerability scanning towards identification of threats on CUSTOMER assets through automated, and regularly scheduled scans of both external, and internal facing assets.
• Experience working in a regulatory compliance-based services environment.