Application Security Analyst || Mumbai - Andheri

Position Overview
The Security Analyst is expected to perform vulnerability assessment, security analysis, penetrationtesting, code review of the product/modules and report the findings in defect tracking tool. It also includes but not limited to re analyze the findings and work with developers for the fixes.

Job Functions/Responsibilities
1) Manual Testing:
• Perform threat modelling
• Perform architectural analysis
• Perform logical security assessment
• Monitor third party and internal APIs, SDK and libraries are up to date.
• Generate assessment report
• Report your findings as per severity
• Participate in secure SDLC by reviewing functional and design documents.
• Perform manual and automated code reviews by using IAST, SAST and DAST tools.
2) Automation testing:
• To use automated scanning tools
• Review false positives and true positives
• Generate assessment report
• Report your findings as per severity
• Analyze reports from interactive source code review tool for false positives and include it in the report.

3) Analysis and reporting:
• Create detailed assessment report as per eClinicalWorks standard.
• Report issues as per severity
• Review, analyze external pen test report.
• Follow up and review the fixes
4) Ad hoc request :
• Work on Ad hoc request related to application security. • Conduct pen. Test, Design reviews as
per the request
• Participate in release management by periodically assessing builds and patches as required by
QA and RM teams.
• Work with Cross functional teams like Architect, Engineering, QA, DevOps, support,
implementation and customers to meet security requirements as required by business need
based on various assessment, events and incidents.
• Work with 3rd party vendors to provide them support required for penetration testing.
5) Trainings and knowledge transfer :
• Conduct periodic security awareness training as per the requirement bases on global standards

Education Requirements :
• Bachelors Degree required; Masters Degree, BSCIT, MSCIT, any IT or Computer Graduate
• Preferred CEH, OSCP or any other security related certification.

Experience Requirements:
• 3 years of relevant experience in Web Application Security

Other Skills/Abilities
• Strong team player
• Interpersonal Skills
• Good communication
• Active listening
• Believes in team work over individual contributions
• Articulation of thoughts
• Able to express view assertively
• Ownership and accountability
• Passion
• Integrity
• Team work

Competencies:
• Understanding of OWASP Top 10, SANS Top 25 and WASC, NIST.
• Black Box, Grey Box security assessment of web application, Mobile application.
• Experience of identification and mitigation of vulnerabilities
• Good knowledge of TCP/IP and other application and network level protocols.
• Security in SDLC (Application Security)