What are the responsibilities and job description for the Application security position at Futran Tech Solutions Pvt. Ltd.?
Application Security
Location: Raleigh, NC
Fortify tools:
Mandatory Skills: Fortify (DAST (WebInspect), SAST (SCA), SSC, API), Azure DevOps
Primary Skills :
1. Expert in Static Application Security Scan / Analysis (source code review) (SAST), Software Composition Analysis (SCA) & Dynamic Application Security Scan / Analysis (DAST)
2. Good knowledge of Application Threat Modelling, RASP, IAST
3. Good hands-on experience with AppCheck, Veracode and Fossa
4. Vulnerability Assessment and Penetration Testing (VAPT), Fuzz Testing at application infrastructure level
5. Experience of building Security Gates / threshold levels for build pass / fail
6. API Security, Container Security implementation / good knowledge
7. Information Systems / Network Security experience
8. Demonstrated experience leading Security Design Reviews and / or Architecture Risk Analysis
9. Expertise in OWASP & Good knowledge of NIST, SANS, PCI, ISO 27001
10. Mobile Application Security testing
11. Proficient with manual and automated scanner approaches
12. Sound knowledge of DevOps environment
13. Implemented DevSecOps (Secure CI / CD integration)
14. Integration, Management, and configuration of DevSecOps Tools
15. Preparing security advisories and defining the severity levels for the vulnerabilities
16. Scanning, validation and reporting of vulnerabilities on a daily and monthly basis
17. Preparing monthly security reports for the management
Certifications :
- Requirement: Certified Ethical Hacker (CEH), Bachelor's / Master's in computer science / IT-Cyber Security
- Desirable : OSCP, CISSP
Other requirements :