1 Job openings at Precisly
About Precisly

Legal got left behind in the digital transformation, mostly because the only available solutions were inefficient and complex. Precisely is determined to change that. Precisely is the user-friendly contract management platform for enterprises and disruptors. A SaaS company founded in Gothenburg in 2014, we are on a mission to set a new standard for digital contracting -- for legal teams and beyond.

Application Security Specialist

Not specified

6 - 10 years

INR 10.0 - 18.0 Lacs P.A.

Work from Office

Full Time

Role & responsibilities

1. Security Testing
- Conduct Static Application Security Testing (SAST) and Software Composition Analysis (SCA)
- Perform Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) for deeper analysis of vulnerabilities during runtime
- Execute Mobile Application Security Testing and API Security Testing to safeguard against OWASP Security risks
- Ensure applications are resilient to real-world attack vectors

2. Vulnerability Management and Threat Mitigation
- Identify, prioritize, and remediate vulnerabilities through Vulnerability Assessments and Penetration Testing (VAPT)
- Identify and mitigate vulnerabilities aligned with the latest OWASP Top 10 risks, including Injection, Broken Access Control, and Insecure Design
- Assess and remediate vulnerabilities in accordance with OWASP Application Security Verification Standard (ASVS)
- Use Threat Modeling to predict, identify, and mitigate potential security threats early in the development lifecycle
- Provide detailed report analysis and assess the actual business and technical impact of security vulnerabilities
- Generate and analyze SAST reports, delivering actionable insights to technical and business stakeholders
- Implement and maintain robust vulnerability management processes

3. Cloud Security
- Secure cloud environments hosted on AWS and Azure, adhering to CIS Benchmarks and NIST Cybersecurity Framework standards
- Ensure data privacy and protection compliance with GDPR and HIPAA in cloud implementations
- Implement security controls and frameworks for cloud applications and infrastructure

4. Compliance and Regulations
- Ensure application and infrastructure compliance with standards such as PCI DSS, HIPAA, and GDPR
- Conduct regular assessments to align with SANS Top 25 Software Errors, NIST SP 800-53, and CIS Controls
- Support the creation of secure applications that meet industry compliance and regulatory requirements

5. DevSecOps Integration
- Embed security practices within the Secure Software Development Lifecycle (SDLC) by automating security checks and remediation
- Collaborate with DevOps teams to integrate security tools and testing into the CI/CD pipelines using Jenkins and Azure DevOps
- Automate security testing and monitoring to support agile development cycles

6. Security Architecture and Best Practices
- Design secure application architectures to address OWASP Top 10 risks and API-specific threats
- Advocate and enforce secure coding practices throughout the development teams
- Integrate OWASP ASVS principles and Threat Modeling to enhance application security
- Design and implement security architecture for web, mobile, and API applications

7. Leadership and Training
- Lead security assessments and mentor junior team members on secure application practices
- Conduct workshops and training sessions on OWASP Top 10, PCI DSS, Secure SDLC, and other key frameworks
- Act as a subject matter expert (SME) in application security, fostering a culture of security awareness across the organization

Required Skills and Qualifications

1. Technical Proficiency
- Legacy technologies: Java, .NET
- Modern technologies: React, Node.js, Python, PHP, Ruby/Rails, Angular, etc
- CMS experience with Magento-Adobe and Avocode

2. Cloud Skills
- Expertise with AWS and Azure cloud platforms

3. Security and Compliance Knowledge
- Strong understanding of OWASP Top 10, OWASP ASVS, PCI DSS, HIPAA, GDPR, CIS Benchmarks, and NIST Cybersecurity Frameworks
- Familiarity with SANS Top 25 Software Errors and their remediation strategies
- Knowledge of static compliance standards and security frameworks

4. Security Testing Expertise
- Proficiency in SAST, SCA, DAST, IAST, and penetration testing techniques
- Experience in Threat Modeling to proactively identify and mitigate risks
- Strong knowledge of VAPT, mobile, and API security testing

5. DevSecOps and SDLC Integration
- Expertise in implementing Secure Software Development Lifecycle (SDLC) practices
- Proficiency in integrating security tools with CI/CD pipelines using Jenkins and Azure DevOps

6. Soft Skills
- Excellent communication skills to bridge the gap between technical and business teams
- Strong leadership and collaboration skills
- Ability to articulate technical issues to both technical and non-technical audiences

Preferred Certifications
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- GIAC Web Application Penetration Tester (GWAPT)
- AWS Certified Security -- Specialty
- Microsoft Certified: Azure Security Engineer Associate

Precisly

IT Services and IT Consulting

Gothenburg Västra Götaland County