Application Security Analyst

Remote: Full Remote
Experience: Mid-level (2-5 years)

Offer summary

Qualifications:

  • 3-5 years in penetration testing
  • Understanding of security architecture requirements
  • Experience in manual security testing and secure source code reviews
  • Proficiency in cloud technologies and web application technologies
  • Optional programming/scripting skills in Python and Selenium

Key responsibilities:

  • Develop security architecture for applications and platforms
  • Conduct security testing across multiple system layers
  • Define security configuration based on controls
  • Execute tool-based and manual security testing
  • Analyze vulnerabilities and develop remediation plans
Talent Hunter - IT&Telecom Recruitment /part of Talent Group/ https://www.talenthunter-bg.com
11 - 50 Employees

Job description

Your missions

Application Security Analyst

Talent Hunter is an IT and Telecom Recruitment Company ensuring the best professional opportunities for talents in the high-tech industry and providing quick and cost-effective solutions to client companies seeking the best talent for their business. We believe that each one of us is designing our lives through the everyday choices we make.

Our client is one of the fastest-growing large tech companies in the world and is supercharging progress through industry-leading capabilities centered around Digital, Engineering, R&D, Cloud, AI, IT infrastructure, BPO, and industry-specific solutions including financial services, healthcare, manufacturing, retail, telecommunications, and public sector.

Working time: 14:00 to 22:30 BG time

Responsibilities:

  • Develop and maintain security architecture and requirements for enterprise applications and platforms.
  • Conduct security testing across multiple system layers including applications, APIs, cloud environments, operating systems, and databases.
  • Perform security configuration reviews based on security architecture controls, including log management, encryption, and Role-Based Access Control (RBAC).
  • Execute both tool-based and manual security testing of web applications, APIs, and web services, adhering to OWASP Top 10 and SANS 25 standards using tools such as Rapid7, HP WebInspect, and Veracode.
  • Utilize Burp Suite and its extensions for security testing.
  • Conduct secure source code reviews using tools like Veracode, and Software Composition Analysis (SCA) using tools such as Black Duck and OWASP Dependency-Check.
  • Validate test results, analyze identified vulnerabilities, perform risk assessments, and develop remediation plans.
  • Ensure security throughout the software, system, and data lifecycle.
  • Utilize cloud technologies (AWS, MS Azure, MS Office 365, MS Power Platform, SharePoint), web application technologies (Java, .NET, Drupal), and manage common web server operations (IIS, Apache).
  • Optionally, perform programming/scripting tasks using Python and Selenium.

Requirements:

  • 3-5 years of experience in penetration testing
  • Proven understanding of security architecture and requirements for enterprise applications and platforms.
  • Skilled in creating and conducting security testing across multiple system layers (applications, APIs, cloud, OS, databases, Azure and AWS).
  • Proven experience in security configuration reviews per the security architecture controls (e.g., log management, encryption, RBAC).
  • Tool-based and manual security testing of web applications, APIs, and web services based on OWASP Top 10 or SANS 25 standards using testing tools (Rapid7, HP WebInspect, Veracode).
  • Proficient in using Burp and its extensions
  • Knowledgeable about common security vulnerabilities (OWASP Top 10, privilege escalation, RBAC, SQL injection, XSS, etc.), authentication/authorization testing (OAuth, OpenID Connect, SAML, etc.), exploit techniques, and abuse case testing.
  • Secure source code reviews (using tools like Veracode) and SCA (using tools like Black Duck and OWASP Dependency-Check).
  • Skilled in validating test results, analyzing vulnerabilities, risk assessment of the identified issues and developing remediation plans.
  • Deep understanding of security throughout the software, system, and data life cycle.
  • Proficient in cloud technologies (AWS, MS Azure, MS Office 365, MS Power Platform, SharePoint), web application technologies (Java, .NET, Drupal), and common web server operations (IIS, Apache).
  • Experience in programming/scripting in Python and Selenium is advantageous.
  • Preferred certifications: Certified Ethical Hacker (CEH), Azure Solutions Architect Associate, CSA Certificate of Cloud Security Knowledge (CCSK), Certified Information Systems Security Professional (CISSP), and Information Systems Security Management Professional (ISSMP) are a plus.

We offer:

  • Attractive compensation package.
  • Career and Development - worldwide career opportunities, access to a high-tech Engineering Lab.
  • Work That Fits Your Life - possibility to work from home, transition support through life events.
  • Wellness and Health Programs.
  • Exciting Workplace Experience.

Required profile

Experience

Level of experience: Mid-level (2-5 years)

Soft Skills

  • Detail Oriented
  • Problem Solving
  • Verbal Communication Skills
  • Analytical Thinking