Application Security Analyst - Vulnerability Management

Sampoorna Consultants Pvt. Ltd, Bangalore
30+ days ago
Job description

Key Responsibilities :

  • Support vulnerability assessments using SAST, DAST, and SCA tools.
  • Collaborate with DevOps, Vulnerability Management teams, IBM and third-party PenTest service providers to ensure security is integrated into CI / CD pipelines.
  • Manage the vulnerability management lifecycle, including triage, tracking, and remediation.
  • Provide remediation guidance and recommendations to developers on vulnerabilities.
  • Maintain and evolve secure SDLC practices and documentation.
  • Deliver security awareness and secure coding training sessions.
  • Demonstrate a willingness to learn, research, and innovate to improve the overall AppSec posture.
  • Administer threat modeling activities.

Technical Skills and Experience Required :

  • Experience with the following tools :
      • DAST : Qualys, Rapid7
      • SAST : CodeQL, Checkmarx, Fortify, SonarQube
      • SCA : Dependabot, JFrog Xray
      • API Security : Understanding of API security principles and tools like Postman, OWASP API Security Top 10, or API gateways with security features.

  • 47 years of hands-on experience in application security or secure software development.
  • Strong understanding of OWASP Top 10, CWE / SANS Top 25, and secure SDLC.
  • Understanding of vulnerability management lifecycle and remediation workflows.
  • Understanding of threat modeling concepts.
  • Familiarity with penetration testing tools (e.g., Burp Suite, Metasploit, Nmap).
  • Proficiency in at least one programming language (e.g., Java, Python, JavaScript, C#).
  • Familiarity with CI / CD tools (e.g., Jenkins, GitLab CI, Azure DevOps).
  • Exposure to cloud security (AWS, Azure, or GCP) is a plus.

Soft Skills Required :

  • Strong analytical and problem-solving skills.
  • Excellent verbal and written communication.
  • Ability to work independently and collaboratively in cross-functional teams.
  • Strong documentation and reporting capabilities.
  • Proactive, detail-oriented, and eager to learn.

Good to Have Skills :

  • Working knowledge of DevSecOps practices and tools.
  • Experience with container security (Docker, Kubernetes).
  • Certifications such as CEH or equivalent.
  • Familiarity with threat modeling tools (e.g., Microsoft Threat Modeling Tool, IriusRisk).
  • Experience in Agile / Scrum environments.

(ref : hirist.tech)
