Subject Matter Expert - Fortify (4-8 yrs)
SteadFast Consultancy
posted 6d ago
Job Description : Fortify SMEs (OpenText).
Location : Bengaluru, Delhi, Gurgaon, Mumbai, Chennai.
Job Type : Full-time.
Experience : Minimum 4+ years of relevant experience.
Job Summary :
We are seeking an experienced Fortify SME with deep expertise in Application Security Testing (SAST, DAST, and SCA) and secure software development.
The ideal candidate will have hands-on experience using Micro Focus (MF) Fortify Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) to assess, analyze, and remediate security vulnerabilities in enterprise applications.
This role involves working closely with development, DevSecOps, security, and compliance teams to embed security into the SDLC, integrate Fortify solutions with CI/CD pipelines, and ensure adherence to security best practices.
Fortify JD :
- 5+ years working within the application security field.
- At least 4 years of software development experience in at least two programming languages (Java, Microsoft C# .NET, C/C++, Objective-C, etc.).
- 2-4 years of experience using several build tools (e.g., ant, make, maven, msbuild, etc.).
- 2-4 years of experience in performing static web application security assessments using hands-on techniques for identifying SQL injection, XSS, CSRF, authentication/authorization, and OWASP Top 10 issues.
- Expert in integrating Micro Focus Fortify into the software development lifecycle.
- Experience in deploying and integrating the Micro Focus Fortify suite of products:
  - Software Security Center (SSC).
  - SCA.
  - ScanCentral SAST.
  - WebInspect.
  - ScanCentral DAST.
- Sound understanding of industry standards, i.e. OWASP Secure Coding Practices, SANS.
Required Non-technical skills :
- In-depth troubleshooting skills.
- Excellent verbal and written English communication skills.
- Experience in working with other members from remote locations.
- Time flexibility for meetings that may be conducted outside local business hours.
Key Responsibilities :
- Deep understanding of and hands-on experience with Micro Focus Fortify suite of products, including :
1. Software Security Center (SSC) : Configuration, administration, and management of the Fortify platform.
2. SCA : Software Composition Analysis for identifying and mitigating vulnerabilities in open-source components.
3. ScanCentral SAST : Static Application Security Testing to identify vulnerabilities in source code.
4. WebInspect : Dynamic Application Security Testing to identify vulnerabilities in running applications.
5. ScanCentral DAST : Centralized management and orchestration of DAST scans.
- Expertise in configuring and customizing Fortify rules and policies to meet specific project and organizational requirements.
- Ability to analyze and interpret Fortify scan results, identify and prioritize vulnerabilities, and generate comprehensive security reports.
- In-depth knowledge of application security best practices, including OWASP Top 10, SANS Top 25, and other relevant security standards.
- Strong understanding of secure coding principles and common vulnerabilities (e.g., SQL injection, XSS, CSRF, authentication/authorization issues).
- Experience in performing manual and automated security assessments (SAST, DAST, SCA) using various tools and techniques.
- Integrate Fortify solutions into the SDLC, including CI/CD pipelines, to enable automated security testing throughout the development process.
- Collaborate with development teams to implement secure coding practices and address security vulnerabilities early in the development cycle.
- Work with DevSecOps teams to automate security testing processes and improve overall security posture.
Functional Areas: Other