Senior Application Security Engineer

Colombo, Sri Lanka
Post Date: 01/08/2022 Close Date: 31/08/2022

What We Are Looking For In You?

Responsibilities

Scope and perform vulnerability assessments and penetration tests against large scale, complex applications including web, mobile and thick/thin client applications

Provide guidance to development and testing teams during application security assessments. Must be able to identify, reproduce, and remediate security defects

Work with SAST/DAST/SCA/RASV tools and support Application Security BAU operations

In-depth knowledge of common web application security flaws and secure coding practices, and the ability to clearly explain security issues to project and development staff

Prioritize and track security issues and work with the necessary teams to ensure remediation

Serve as a leader by promoting security awareness, mentoring other team members, and staying up to date on current development methodologies (Agile/DevOps)

Stay up to date on security industry trends

Assist in development of security processes and automated tooling that prevent classes of security issues

Proactive participation in application security related matters of the company

Engaging with security experts of clients/other organizations

Prerequisites

BSc in Computer Science/Engineering or equivalent qualification

5+ years of software development experience, including Java and TypeScript/JavaScript

3+ years of experience in different types of application security testing

Experience with commercial and open-source SAST/DAST/SCA tools

In-depth understanding of OWASP framework and its practical usage

Experience in working on API security

Strong hands-on experience with Application-level testing (SAST/DAST/SCA/Manual assessment) and tooling

Strong experience with modern scripting languages

Good knowledge of cloud-native deployments and their security layers

Strong understanding of web applications and architectures, relational and non-relational databases, and hardware architectures, and effectively applying the principles of information security to IT environments

Sound knowledge of security frameworks (OWASP, SANS CWE), secure coding practices, information security principles & architecture, and industry-specific frameworks

Must have knowledge of the most common implementations of threats in application security (e.g. XSS, SQL injection, XSRF, buffer overruns, brute force, rainbow tables, DoS, etc.)

Experience implementing DevSecOps principles in an organization, along with good knowledge of the technology used

Good understanding of TCP/IP, UDP, HTTP, HTTPS, TLS, REST, SOAP, XML and JSON in relation to APIs

Ability to interpret reports generated by standard security tools and work on remedies

Sounds like you? Great, we want you!
