- Includes Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), API security testing, AI/ML platforms, and penetration testing
- Ensuring compliance with industry standards such as OWASP Top 10, CWE, CVE, and NIST guidelines
Required Technical Knowledge & Competencies
- Expertise in SAST, DAST, API security testing, and penetration testing.
- Strong programming knowledge (Java, .NET, Python, JavaScript) for code-level analysis.
- Software development background.
- Build, maintain, and secure automation pipelines using tools like Jenkins, GitLab CI, or GitHub Actions, ensuring security scans occur at every code commit.
- Implement and manage security tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Container Security (e.g., Trivy), and dependency scanning
- Use tools like Terraform or Ansible to deploy secure, compliant infrastructure.
- Proactively identify, prioritize, and remediate security vulnerabilities in application code and infrastructure.
- Ensure compliance with industry standards (e.g., PCI-DSS, GDPR) by embedding compliance-as-code into the development workflow.
- Act as a security advocate, working with DevOps and Development teams to foster a "security first" culture.
- Familiarity with cloud security testing (AWS, Azure, GCP).
- Experience with container security (Docker, Kubernetes).
- Excellent communication and stakeholder management skills.
Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 6-8 years of IT experience, with at least 5+ years in application security testing.
- Preferred certifications: OSCP, CEH, GWAPT, CISSP.