Job Description :
Application security Engineer for one of the US based manufacturing company near Pune
Skills required :
Required Skill sets :
Desired Experience / knowledge / expertise with the following :
Static and dynamic code scanning tools and methodologies, such as Fortify, WhiteHat, Burp, SonarQube, etc.
Project and software development lifecycles (SDLC, DevOps, DevSecOps, Waterfall, Agile, etc.)
Web application communications network architecture, authentication & authorization schemes and protocols, Web APIs, secure authentication mechanisms, secure password storage & exchange, Multi-factor authentications, SSO, Open SSL, Containers
Web application development frameworks, protocols, content management systems and techniques : SFTP, JBoss, Apache, IIS, .NET, WordPress, etc.
General Database knowledge (Oracle, MS Sqlserver)
Database Architecture, Schema design
Database authentication, authorization methods / protocols
OWASP tools and methodologies.
Vulnerability scanning tools and methods, such as Nexpose, Nessus, etc.
Common application attack methods, and associated preventions / defenses
HITRUST / HIPAA
Knowledge / experience around applications development / deployment on cloud in different models public, private, hybrid
DevSecOps experience & expertise. Should help to create a 'Security as Code' culture