Expertise in web application penetration testing, web services (API) penetration testing, and mobile application security testing
Experienced in vulnerability assessments using automated scanners such as Nessus / Qualys and manual security testing with Kali Linux / Metasploit and other infrastructure security testing tools
Experience with application architecture reviews, threat modelling, static code reviews and cloud security assessments
Ability to interact with project teams to understand the security requirements and come up with solutions
Knowledge of OWASP Top 10 and SANS Top 25 and ability to map the vulnerabilities identified against the standards
Familiarity with web application vulnerability scanners (Acunetix / HP WebInspect / IBM AppScan etc.) and with source code analysis tools (Fortify / Checkmarx / Veracode / Klocwork)
Experience in using manual VAPT tools like Burp Suite / ZAP / CSRF Tester etc.
Good client interaction and presentation skills
Experience in Security Pre-Sales and ability to handle a team would be a plus
Should be able to train team members in appsec activities
Good understanding of secure software development lifecycle processes across technologies.
Ability to communicate with the project teams and explain the vulnerabilities identified
Understanding of DevSecOps / CI / CD Integration and Agile Security testing methodology
Knowledge of network architecture reviews would be helpful
Skills Required:
Application Security, Penetration Testing, Vulnerability Assessments
This role works in close collaboration with all members of the Application Security team and is fully integrated within the Information Security process.