MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.


I'm not curious
2

Consultant

Location Hyderabad, India
Posted 14-September-2021
Description
The key responsibilities of the role are as follows:

Work closely with project teams and understand the business context of the end-to-end solution.
Proactively plan security reviews schedule in waterfall and agile methodologies
Perform threat modeling of the solutionidentifying design-level threats & recommending mitigations
Periodically deliver hands-on SDL trainings to developers, with focus on application security
Perform security code review of the solution using manual and automated techniques
Perform manual security testing of the application using proxy tools such as Burp
Create automation scripts/tools whenever required to improve the efficiency of security reviews
Use automated scanners to scan the solution and filter false positives
Log review findings in VSTS with appropriate severity and perform regression once they are fixed.
Setup regular meetings with project teams and provide status updates
Create reports on security review findings, participate in triage discussions and customer meetings.


Qualifications

The following are the basic qualifications for this role:

5years of experience in application security space
Exposure to Security Development Lifecycle (SDL) process
Good understanding of Microsoft .NET technologies
Good understanding of Identity protocols (OpenId Connect, OAuth2.0 etc.)
Good understanding of cloud technologies, preferably Azure
Full understanding of the web stack, web security, common application vulnerabilities & mitigations
Development skills to facilitate manual security code reviews or tool development
Basic penetration testing skills
Aware of contemporary happenings, vulnerabilities & mitigations in application security space
Degree or equivalent in Computer Science, Engineering or equivalent

One or more of the following is a potential plus:

Building applications in Microsoft technology stackASP.NET, Web APIs, SQL Server etc.
Deploying applications in Azure and good understanding of Azure security concepts
Participation in Bug Bounty programs, Capture the Flag (CTF) events
Demonstration of security skills in security meetups/conferences/blogs
Development of security tools, or hobby projects on GitHub

One or more of the following is a potential minus:

Reporting security issues using automated security tools with no technical understanding of the issues
Showcasing security certifications without demonstrating the corresponding conceptual/hands-on skill
Have not written code in the last one year
Experience
Min 5 to 8 Years.

 
Awards & Accolades for MyTechLogy
Winner of
REDHERRING
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url