Qualizeal - Application Security Specialist

QUALIZEAL INDIA LLP, Hyderabad
20 days ago
Job Description :

Key Responsibilities :

1. Security Testing :

  • Conduct Static Application Security Testing (SAST) and Software Composition Analysis (SCA)
  • Perform Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) for deeper analysis of vulnerabilities during runtime
  • Execute Mobile Application Security Testing and API Security Testing to safeguard against OWASP Security risks
  • Ensure applications are resilient to real-world attack vectors

2. Vulnerability Management and Threat Mitigation :

  • Identify, prioritize, and remediate vulnerabilities through Vulnerability Assessments and Penetration Testing (VAPT)
  • Identify and mitigate vulnerabilities aligned with the latest OWASP Top 10 risks, including Injection, Broken Access Control, and Insecure Design
  • Assess and remediate vulnerabilities in accordance with OWASP Application Security Verification Standard (ASVS)
  • Use Threat Modeling to predict, identify, and mitigate potential security threats early in the development lifecycle
  • Provide detailed report analysis and assess the actual business and technical impact of security vulnerabilities
  • Generate and analyze SAST reports, delivering actionable insights to technical and business stakeholders
  • Implement and maintain robust vulnerability management processes

3. Cloud Security :

  • Secure cloud environments hosted on AWS and Azure, adhering to CIS Benchmarks and NIST Cybersecurity Framework standards
  • Ensure data privacy and protection compliance with GDPR and HIPAA in cloud implementations
  • Implement security controls and frameworks for cloud applications and infrastructure

4. Compliance and Regulations :

  • Ensure application and infrastructure compliance with standards such as PCI DSS, HIPAA, and GDPR
  • Conduct regular assessments to align with SANS Top 25 Software Errors, NIST SP 800-53, and CIS Controls
  • Support the creation of secure applications that meet industry compliance and regulatory requirements

5. DevSecOps Integration :

  • Embed security practices within the Secure Software Development Lifecycle (SDLC) by automating security checks and remediation
  • Collaborate with DevOps teams to integrate security tools and testing into the CI/CD pipelines using Jenkins and Azure DevOps
  • Automate security testing and monitoring to support agile development cycles

6. Security Architecture and Best Practices :

  • Design secure application architectures to address OWASP Top 10 risks and API-specific threats
  • Advocate and enforce secure coding practices throughout the development teams
  • Integrate OWASP ASVS principles and Threat Modeling to enhance application security
  • Design and implement security architecture for web, mobile, and API applications

7. Leadership and Training :

  • Lead security assessments and mentor junior team members on secure application practices
  • Conduct workshops and training sessions on OWASP Top 10, PCI DSS, Secure SDLC, and other key frameworks
  • Act as a subject matter expert (SME) in application security, fostering a culture of security awareness across the

Skills and Qualifications :

1. Technical Proficiency :

  • Legacy technologies : Java, .NET
  • Modern technologies : React, Node.js, Python, PHP, Ruby / Rails, Angular, etc.
  • CMS experience with Magento-Adobe and Avocode

2. Cloud Skills :

  • Expertise with AWS and Azure cloud platforms

3. Security and Compliance Knowledge :

  • Strong understanding of OWASP Top 10, OWASP ASVS, PCI DSS, HIPAA, GDPR, CIS Benchmarks, and NIST Cybersecurity Frameworks
  • Familiarity with SANS Top 25 Software Errors and their remediation strategies
  • Knowledge of static compliance standards and security frameworks

4. Security Testing Expertise :

  • Proficiency in SAST, SCA, DAST, IAST, and penetration testing techniques
  • Experience in Threat Modeling to proactively identify and mitigate risks
  • Strong knowledge of VAPT, mobile, and API security testing

5. DevSecOps and SDLC Integration :

  • Expertise in implementing Secure Software Development Lifecycle (SDLC) practices
  • Proficiency in integrating security tools with CI/CD pipelines using Jenkins and Azure DevOps

Soft Skills :

  • Excellent communication skills to bridge the gap between technical and business teams
  • Strong leadership and collaboration skills
  • Ability to articulate technical issues to both technical and non-technical audiences

Preferred Certifications :

  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • GIAC Web Application Penetration Tester (GWAPT)
  • AWS Certified Security - Specialty
  • Microsoft Certified : Azure Security Engineer Associate

(ref : hirist.tech)
