Application Security

Company description Resources is the backbone of Publicis Groupe, the world s third-largest communications group. Formed in 1998 as a small team to service a few Publicis Groupe firms, Re:Sources has grown to 5,000+ people servicing a global network of prestigious advertising, public relations, media, healthcare and digital marketing agencies. We provide technology solutions and business services including finance, accounting, legal, benefits, procurement, tax, real estate, treasury and risk management to help Publicis Groupe agencies do what they do best: create and innovate for their clients. In addition to providing essential, everyday services to our agencies, Re:Sources develops and implements platforms, applications and tools to enhance productivity, encourage collaboration and enable professional and personal development. We continually transform to keep pace with our ever-changing communications industry and thrive on a spirit of innovation felt around the globe. With our support, Publicis Groupe agencies continue to create and deliver award-winning campaigns for their clients. Overview JOB SUMMARY: The position requires hands-on experience in application security testing, vulnerability management, and governance. The team lead will support the Global Security Offices existing DevSecOps practice and embed security in SDLC phases. He will need to be familiar with common vulnerabilities and must be proficient in performing manual exploitation of vulnerabilities without the aid of automated tools. The responsibilities associated with the position are as follows: Must be familiar with top industry Application Security testing tools. (HCL AppScan, Checkmarx, Veracode, Burp Suite and Synopsys Seeker) Proficient in mobile application penetration testing - android and iOS Proficient in Web application and infrastructure penetration testing Manual source code reviews of Client /Server-side programming languages and frameworks. Assist with implementing and designing automated security checks within the CI/CD. Participate in the implementation or deployment of new security tools and processes. Must have a strong command over HTTP request/response construction and the manipulation of these to achieve the desired results in exploiting various vulnerabilities. Should be familiar with Metasploit and Python. Good knowledge of security technologies for secure software development such as cryptography, authentication techniques, protocols etc. Expert in DevSecOps with hands-on experience in implementing security aspects in continuous integration, continuous delivery and deployment automation Strong oral communications and writing skills are a must. Must have a strong command over web application penetration testing or network infrastructure testing. Must be a self starter with strong organizational skills to enable navigation of the company to identify sponsors, stakeholders and interested parties. Responsibilities ESSENTIAL JOB REQUIREMENTS: Good understanding of OWASP Top 10 vulnerabilities, SANS Top 25, OSSTMM, PTES, NIST standards. 2-3 years of direct experience in vulnerability and penetration testing. OSCP, OSWE, CEH and other technical certifications are a plus. A proficient in Jenkins, Docker, Java, Python, Ruby, Perl, Scripting YAML, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing) Minimum 2 years experience in Software Development Life Cycle in one or more languages (Rust, Python, Go, Nodejs, etc.) 2 years experience of implementing and handling DevSecops Practice. Hands-on experience with Jenkins, Docker, Kubernetes and microservice architecture. A can do attitude team player who works well under pressure and with dispersed groups, worldwide. Mandatory language skills (oral, written and listening) : English Qualifications Bachelor s degree within a science or related discipline. Additional information OTHER JOB REQUIREMENTS: Good communication and presentation skills Ability to work effectively and collaboratively with stakeholders. Willingness to work with geographically dispersed teams; may involve working during non-business hours occasionally to accommodate time-zone differences. DISCLAIMER Nothing in this job description restricts management s right to assign or reassign duties and responsibilities to this job at any time. This job description reflects management s assignment of essential functions; it does not prescribe or restrict the tasks that may be assigned.