What are the responsibilities and job description for the Security Tester - SAST, DAST position at People Force Consulting Inc?
Job Details
Experience with Device Testing is MANDATORY
Responsibilities:
- Conduct comprehensive security assessments of medical device software using SAST and DAST tools to identify and report vulnerabilities.
- Analyze software bills of materials (SBOMs) to identify and mitigate supply chain risks.
- Identify and analyze threats, conduct threat modeling, and develop and adapt mitigation strategies.
- Develop and maintain detailed security testing strategies and procedures.
- Collaborate with software development teams to integrate security best practices into the development lifecycle.
- Integrate security practices into CI/CD pipelines with DevOps teams.
- Use tools such as Burp Suite and browsers to find security issues, including business logic-related issues not typically detected by automated security scanning tools.
- Validate the implementation of security mitigations using manual penetration testing techniques and tools.
- Enhance secure SDLC practices, including threat modeling and security test automation.
- Investigate and respond to security incidents and vulnerabilities.
- Identify and mitigate security risks in cloud applications and infrastructure.
- Work with software developers and architects to determine appropriate mitigations for security issues.
- Conduct regular security assessments, penetration testing, and vulnerability analysis.
- Stay up-to-date on the latest security threats and trends in the medical device industry.
- Create and execute plans to evaluate new security tools.
- Curate standard approaches in tools such as threat modeling tools to enable reuse.
- Create and execute detailed security testing scripts using manual or automated approaches.
- Create reusable test scripts for common security requirements.
- Evaluate security requirements for gaps and research best practices for security issue remediation while creating security test cases.
- Consolidate testing results into standard templates for inclusion in regulatory documentation systems.
- Map security requirements to functional or system requirements to ensure traceability.
Educational Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Relevant security certifications such as CISSP, CEH, OSCP, or others.
- Experience in the medical device industry.
- Knowledge of cloud security and DevSecOps practices.