Location : Hyderabad
Job Title: Sr. Analyst (Secure Code Review)
Job Description:
The Secure Code Review service is part of the Security Testing Services Team. It is a part of Application Security testing service and is the process of identifying, documenting, and consulting on specific Application Security threats and vulnerabilities, associated likelihood and impact, and mitigating controls. Results of the assessment are documented in a report which consists of security plan, list vulnerabilities. Secure Code Review is a process to identify and assess risks present in applications using a hybrid static analysis methodology.
Job Profile Details:
The candidate is expected to execute/Lead primarily Secure Code Review projects
The candidate is expected to execute/Lead Application Security and Penetration Testing projects as well as business demands
The candidate will be expected to gain in-depth knowledge and understanding of computer applications, including various languages (i.e. Java, ASP, .NET, C++, C#, etc.).
The candidate will be involved in application architecture understanding, threat identification, vulnerability identification and control analysis
The candidate will be expected to do likelihood determination, impact analysis and risk determination.
Job would require prioritizing risk responses including solution recommendation and documentation.
Candidate will be required to demonstrate strong communication (verbal and written) and , problem solving capabilities
Selected individual will be expected to successfully comprehend large complex applications written by others from reading code and application design.
May have to handle multiple complex assignments simultaneously.
Engage with both business people and technical people within and outside the organization from a project scope definition, project execution, project closure perspectives
Communicate complex subjects in easy to understand terms and stay current with emerging technologies and industry trends
Additional knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.
The candidate should be able to successfully lead and execute projects, mentor and train junior resources with focus on enhancing their skillsets
The candidate should be open for onsite deployments as business demands
Skills required: 3+ years of Secure Code Review Experience
Experience with web-based application development
3 years combined experience with J2EE (servlet/JSP) and/or .NET (C#/VB.Net and ASP.NET)
Knowledge of Design Patterns
Experience with relational databases from an application development perspective
Application security testing experience
Secure code review experience
Ability to handle difficult situations and to provide alternative solutions or workarounds
Flexible and creative in helping to find acceptable solutions
Experience in training and mentoring others
Good communication and writing skills with the ability to talk to both business people and technical people
Preferred Skills:
• Framework experience (Struts, Spring)
• Understanding of AJAX and web services
• Knowledge of application security vulnerabilities such as the OWASP Top 10
• Experience in Application Security Audits will be a plus.
• Software Maintenance Experience
• Security certification
• Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.)
o Basic understanding of the following protocols/technologies:
o SSL/TLS
• Cryptography (symmetric and asymmetric encryption, PKI, etc.)
• Ability to work on multiple complex assignments simultaneously
• Ability to work alone or in groups
To visit and apply:
https://jobs.null.co.in/job/14654/hiring-for-code-review-at-paladion-networks-at-paladion-networks/
