Description

Requirements

• Proficient in secure coding standards and manual review of code to identify OWASP Top 10 vulnerabilities and SANS Top 25 Programming errors
• Strong knowledge of security frameworks (OWASP, SANS CWE), secure coding practices, information security principles & architecture and industry specific auditory frameworks
• Experience with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. Tomcat, .Net, MS SQL, etc.)
• Understanding of core cryptography concepts (encryption, hashing, HMAC, digital signature) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks).
• Experience in crafting custom proof of concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.
• Understanding of Authentication, Authorization mechanism programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML etc.)
• Knowledge on Application development using technologies like Java, J2EE, Groovy, Ruby, Angular JS, Node JS, Java Script, Python.
• Should have a solid understanding of security controls and how they apply to different designs and systems.
• Understand, highlight and articulate risk to product owners in an understandable language.
• Knowledge of DevSecOps and development pipeline integration and automation.
• Knowledge in Cloud and Containers infrastructure. AWS, Azure and docker experience is a plus.
• Document vulnerabilities and work with developers on vulnerability mitigation.

Job Details