This job is with WTW, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.
Description
- Create, maintain, and execute appropriate security testing processes to enable timely detection, risk-based prioritization, and coordinated remediation of security testing findings.
- Manage planning & execution of corporate penetration testing, DAST and SAST onboarding.
- Collaborate with development and QA teams to integrate security tools into CI / CD pipelines.
- Develop and maintain security testing documentation, including test plans and reports.
- Provide clear, concise and easily consumable communication with key technical and non-technical stakeholders so that findings are understood and appropriately addressed.
- Measure and report the maturity, effectiveness and efficiency of Security Testing services.
- Understand the elements involved within the exception requests and their importance - data sensitivity assessment, control implementation and maintenance plan, assessing the legal, compliance, reputation, and operational risks associated with the exception.
- Ensure accurate and clear communication with all stakeholders.
- Provide appropriate MI to key stakeholders.
| Direct Span | Indirect Span |
| --- | --- |
| NA | NA |
Qualified to degree level, preferably in a business, IT or security related subject
3-5 yrs.
| Skill | Proficiency |
| --- | --- |
| Scoping and managing penetration testing activities | Advanced |
| Building and leading effective security teams | Advanced |
| Knowledge of SOX, SOC & other IT and Privacy related standards | Intermediate |
| Basics of IT Auditing and IT Risk concepts | Intermediate |
| Frameworks & methodologies such as CVSS, CIS Benchmarking, OWASP | Advanced |
| Knowledge of Risk management tools, methodologies and practices | Advanced |
| Application and infrastructure security principles | Advanced |
| Knowledge of SIEM, PAM & Discovery Tools | Basic |
Qualifications