Working knowledge of various web application attacks such as SQL-I, XSS, CSRF, etc.

Possess good technical and communication skills.

Should possess working knowledge of conducting both DAST and SAST on both web and mobile applications (iOS & Android).

Good exposure to and knowledge of security testing tools such as Burp Suite, IBM AppScan, IBM AppScan Source, Checkmarx, Micro Focus Fortify, Ready APISecure Pro, etc.

Possess good knowledge of API security (SOAP and RESTful).

Knowledge of security automation would be an added advantage.

Good understanding of various security testing standards, including OWASP Top 10, WASC, SANS 25, etc.

Good knowledge of security compliance standards such as PCI DSS and HIPAA would be an added advantage.

Knowledge of DevSecOps in a CI/CD pipeline, including integration of various security testing tools such as ZAP, SonarQube, etc. into the pipeline, would be an added advantage.

Follow the required communication with internal and external partners to complete application security reviews.

Make recommendations for updates, additions, and modifications to security policy as gaps or deficiencies in security policy are identified.