Security testing

Exp- 7 to 8 YrsLocation -Mumbai(Mahape)4 Days work from office , 1 Day work from homeKey Responsibilities Pipeline Security Integration: Design, implement, and manage security tools and processes within the CI/CD pipeline. Vulnerability Management: Oversee and lead VAPT (Vulnerability Assessment and Penetration Testing) efforts for all applications. Tool Expertise: Administer and operate a suite of security tools, including: SAST (Static Application Security Testing): Checkmarx, SonarQube. Snyx SCA (Software Composition Analysis): Snyk. DAST (Dynamic Application Security Testing): Acunetix, Burp Suite, AppScan. Threat Modeling: Conduct threat modeling exercises to identify potential security risks early in the development lifecycle. Security Automation: Automate security testing and vulnerability scanning processes to improve efficiency and reduce manual intervention.Collaboration: Work closely with development, operations, and QA teams to remediate vulnerabilities and promote a security-first culture. Reporting: Generate and present detailed reports on security posture, vulnerability trends, and remediation progress to senior management. Mentorship: Mentor and guide junior team members on DevSecOps best practices and security tools. Required Skills & QualificationsExperience: 5-6 years of relevant experience with Application Security, or a similar role, preferably within the Banking or NBFC sector.Technical Proficiency: Extensive, hands-on experience with SAST, SCA (open source) and DAST tools as listed above. Security Knowledge: In-depth understanding of application security vulnerabilities, including OWASP Top 10, and common attack vectors. Pipeline Knowledge: Working Knowledge of CI/CD pipelines and experience integrating security tools into them. VAPT: Proven experience in conducting and coordinating VAPT activities. Problem-Solving: Excellent analytical and problem-solving skills with a keen eye for detail. Communication: Strong communication and interpersonal skills, with the ability to articulate complex security concepts to non-technical stakeholders.

Apply Now