Requirements

Expected technologies

C#

Perl

Python

Our requirements

• A professional with a certain level of knowledge and at least 8 years of expertise in Software application pen testing
• Knowledge of the DevSecOps framework, understanding on NIST, OWASP, MITRE, CWE etc
• An understanding of programming languages such as C#, Perl, JavaScript, Python and/or PHP
• Understanding of TCP/IP, common networking ports and protocols, OSI model
• Knowledge of Threat modelling and risk assessment techniques
• Up-to-date knowledge of cybersecurity threats, current best practices, and latest software.
• An understanding of programs such as HP Fortify, Puppet, Chef, ThreatModeler, Checkmarx, Aqua. They may also need to know Kubernetes/ Docker. Security assessment tools (e.g. NESSUS, NMap, BurpSuite, ZAP, OWASP tools, Kali Linux tools, Fuzzing tools)
• Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based server development
• Knowledge of one or more SSO methodologies (SAML, LDAP, OpenID)
• Experience extracting pertinent security data from SIEM solutions and AWS audit, logs, and reports
• The job demands to have deep product knowledge to ensure the clinical functionality, expected operating environment, and interoperability to accurately determine a product’s privacy and security risks.
• Education: Bachelor of Technology / Master of Technology in: Computer Science (CS), Information Technology (IT), Electrical Engineering (EE), Electronics and Communication (EC), Electronics and Instrumentation (EI)
• Cybersecurity Certifications: CEH / OSCP – Preferred

Your responsibilities

• Assess architectures and designs for security vulnerabilities and suggest and implement proper alternatives
• Oversee the management and remediation of identified security flaws within our development platforms
• Build and maintain monitoring, auditing, and reporting frameworks that produces artifacts that support security and compliance needs
• Drive vulnerability assessment and penetration testing (VAPT) activities for multiple R&D applications, implement DEVSECOPS across the product line
• CI/CD integration of SAST and DAST platforms