Would prefer candidates coming in from Dev Security Operations (DevSecOps). Product security experience required, SAST and DAST, Secure SDLC, Threat Modeling, OWASP Top 10, Secure Code Review, Application Security.
1. Manage build and deployment of the Secure Development Lifecycle activities. Assist in security assessments of new architecture and technology. Hands-on experience in Secure SDLC, including Threat Modelling, Secure Code Review (automated / manual), vulnerability assessment and penetration testing.
2. Should have expertise in vulnerability analysis and penetration testing, and provide mitigation solutions to the development team. Exposure to web services (SOAP / REST) security assessment.
3. Should have good hands-on experience with security tools like Fortify SSC, Checkmarx, Veracode, IBM Security AppScan Source, WebInspect, IBM AppScan, Burp Suite, Nessus, Nmap, or any other static and dynamic analysis tool.
4. Good knowledge of OWASP Top 10, SANS Top 25, CWE and CVE / MITRE, along with hands-on practical experience in development and testing for vulnerabilities and implementing remediation.
Information Security Specialist • Bengaluru, Karnataka, India